Aircrack-ng: Official Aircrack-ng blog by Mister_X (http://www.blogger.com/profile/09131740892046010461), feed updated 2019-05-16T05:21:02.623-06:00<br /><br /><h2>Aircrack-ng 1.5.2</h2>Published 2018-12-09T18:06:00.000-07:00, updated 2018-12-09T18:16:24.308-07:00<br /><br />This is a smaller release than the previous one but we did want to release the fixes and improvements before the holidays so it will be available for Shmoocon next month in your favorite distro.<br /><br />Small issues were found in 1.5 and then in 1.5.1, which is why we ended up with 1.5.2: respectively, a crash when running aircrack-ng without any arguments, and 1.5.1 still displaying 1.5 as the version number.<br /><br />Among visible fixes, the <a href="https://github.com/aircrack-ng/aircrack-ng/pull/1992" target="_blank">slip issue</a> in airodump-ng when selecting an AP in interactive mode is solved: the cursor will stay on the selected BSSID when the list moves around. By <a href="https://github.com/aircrack-ng/aircrack-ng/pull/1992" target="_blank">rewriting the queues handling wordlists</a> in aircrack-ng, some cracking issues and intermittent failures are fixed. We also have a new output file for GPS logging called <b>logcsv</b>. 
A few cosmetic issues have been fixed.<br /><br />There are also code quality improvements, a few new tests, improved and <a href="https://github.com/aircrack-ng/aircrack-ng/commit/f4f138d35af40a5be6be4f9c2098662ff1b42a37" target="_blank">updated Raspberry Pis detection</a> (nexmon), <a href="https://github.com/aircrack-ng/aircrack-ng/pull/1980" target="_blank">revamped GPS logging functionality</a> in airodump-ng, fixes for Big Endian and building/cross-compiling on various OSes and last but not least, building packages for Ubuntu 18.10.<br /><br /><b>Changelog</b>:<br /><br /><ul><li>Airodump-ng: Fixed AP selection slip in interactive mode</li><li>Airodump-ng: Revamped GPS logging functionality and added new logging format (<b>logcsv</b>)</li><li>Aircrack-ng: Only load the maximum supported and available crypto engine</li><li>Aircrack-ng: Reworked wordlist producer/consumer queue</li><li>Airserv-ng: Fixed communication between platforms with different size int</li><li>Airmon-ng: Improved detection of Raspberry Pis</li><li>General: Signed and unsigned comparison fixes</li><li>Package: Added package for Ubuntu 18.10 (Cosmic)</li><li>General: Code cleanups</li><li>General: Added more tests</li><li>General: Compilation improvements/fixes in autotools</li><li>General: Big endian fixes</li><li>General: Fixed building on FreeBSD and OpenBSD</li><li>General: Added instructions to compile on DragonflyBSD and OpenBSD</li><li>General: Fixed spelling errors</li></ul><h2>Continuous Integration/Continuous Delivery</h2>Published 2018-11-07T18:02:00.000-07:00, updated 2018-11-07T18:02:02.991-07:00, by Mister_X<br /><br />As mentioned a few times in the <a href="https://aircrack-ng.org/doku.php?id=changelog" target="_blank">changelog</a> and quite a bit in the <a href="https://github.com/aircrack-ng/aircrack-ng/commits/master" target="_blank">commits</a>, we have been using a bunch of 
tools to improve our code quality, and fine-tuning them to do more and give us better information. We also use static analysis tools but that step is often done manually.<br /><br />GitHub has been making it fairly easy to integrate with tools, even custom ones. Their marketplace offers a number of tools to help with development. On top of that, some companies offer to use theirs for free on open source projects, which is a great way to improve code quality.<br /><br />Let's walk through our current&nbsp;<a href="https://en.wikipedia.org/wiki/CI/CD" target="_blank">CI/CD</a> infrastructure.<br /><br />We first used <a href="https://scan.coverity.com/projects/aircrack-ng" target="_blank">Coverity Scan</a> to do static analysis. Even though there are false positives here and there, it's a useful tool. Every single item reported by Coverity explains the path taken that leads to the issue. In some cases the complexity of the path is impressive, going through more than 100 conditions. Although it can be integrated with GitHub, it works independently in our case, submitting a build up to two times a day if there are changes since the last time a build was submitted.<br /><br />Later on, we added <a href="https://travis-ci.org/aircrack-ng/aircrack-ng" target="_blank">Travis CI</a>. It offers Ubuntu 14.04 and OSX and in both instances, we test using GCC and clang, as well as with gcrypt or openSSL.<br /><br />We then added <a href="https://ci.appveyor.com/project/aircrack-ng/aircrack-ng" target="_blank">AppVeyor</a> to build on Windows. We currently build on cygwin 32 and 64 bit as well as MSYS64 and it <a href="https://aircrack-ng.blogspot.com/2018/10/aircrack-ng-packages.html" target="_blank">builds a package for Windows</a>. 
With the exception of the package, it tries compiling with GCC and clang in all cases.<br /><br />If you haven't started doing CI/CD and need to build for Windows, consider using Travis as well, as it now <a href="https://blog.travis-ci.com/2018-10-11-windows-early-release" target="_blank">supports it</a>.<br /><br />We then added <a href="https://buildbot.aircrack-ng.org/" target="_blank">buildbots</a>. Our buildbots cover current stable versions of:<br /><ul><li>Alpine Linux</li><li>Kali Linux</li><li>Kali Linux armel</li><li>Kali Linux armhf</li><li>FreeBSD</li><li>CentOS</li></ul>We also added a buildbot to test with Intel C++ Compiler.<br /><br />They all run on the same system with the exception of&nbsp;<b>armel</b>, <b>armhf</b> and <b>FreeBSD</b>&nbsp;which are separate.<br /><br />And very recently, we added another one to <a href="https://aircrack-ng.blogspot.com/2018/10/aircrack-ng-packages.html" target="_blank">build packages</a> for a number of Linux distributions. It also automatically builds release packages when a new release is tagged in GitHub and it builds git packages whenever code is committed in our repository.<br /><br />We are now planning to have our own buildbot server to consolidate, simplify and make it easier to manage our buildbot infrastructure. We'll add more systems and possibly use <a href="https://aircrack-ng.blogspot.com/2018/10/to-be-or-not-to-be-using-qemu-to-run.html" target="_blank">qemu to emulate specific CPUs</a>.<h2>To BE or not to BE? Using Qemu to run a Big Endian Debian system</h2>Published 2018-10-15T18:54:00.000-06:00, updated 2018-10-15T18:54:17.260-06:00, by Mister_X<br /><br />An <a href="https://github.com/aircrack-ng/aircrack-ng/issues/1968" target="_blank">issue was reported</a> on a Big Endian system. 
And, if memory serves right, we had Big Endian bugs a few times in the past.<br /><br />For readability, we'll refer to Big Endian as BE and Little Endian as LE.<br /><br />The reason we didn't catch the bug in the first place is that, despite the fact that we have extensive testing on multiple OSes, using different compilers and across different CPUs, all our test systems are LE.<br /><br />Endianness is, basically, the way bytes are organized in memory. We started a long time ago with BE, then got LE systems. Some of them are <a href="https://www.mainline.com/linux-on-power-to-be-or-not-to-be-why-should-i-care/" target="_blank">Bi-endian</a> and can do either BE or LE. Wikipedia has more details if you'd like to <a href="https://en.wikipedia.org/wiki/Endianness" target="_blank">read about it</a>.&nbsp; <br /><br />There are a number of CPUs that can run in BE: SPARC, MIPS, PowerPC, ARM and a few others. Like our x86 CPUs, our favorite ARM boards all run in LE but they <a href="https://www.quora.com/Is-ARM-big-endian-or-little-endian" target="_blank">can also run Big Endian</a>. It was probably easier to run them in LE, with less maintenance to do, which means developers can focus on the important things: stability and improving hardware support.<br /><br />We could blindly fix the bug in our tests, but being able to test it ourselves would be better and possibly easier. That could possibly open the door to a new buildbot.<br /><br />Finding a Linux (or BSD) that supports it is <a href="https://www.linux-mips.org/wiki/Distributions" target="_blank">not easy</a>. Other options for a usable, recent Linux supporting BE are Gentoo, <a href="http://www.linuxfromscratch.org/" target="_blank">CLFS</a> and possibly Arch. An embedded OS such as OpenWrt is apparently another possibility but it is limited in terms of packages. 
Unfortunately, Debian <a href="http://tenfourfox.blogspot.com/2016/11/debian-drops-powerpc.html" target="_blank">dropped support for PowerPC (BE)</a> 2 years ago.<br /><br />FYI, if you are looking for cheap hardware for a native Big Endian system, look for a <a href="https://en.wikipedia.org/wiki/Power_Mac_G5" target="_blank">Power Mac G5</a> (or G4) and install FreeBSD <a href="https://download.freebsd.org/ftp/releases/powerpc/powerpc/" target="_blank">powerpc</a>. <br /><br />That's where qemu is great, as you can see in a <a href="https://aircrack-ng.blogspot.com/2018/09/debian-and-freebsd-on-qemu-with-mmx.html" target="_blank">previous post</a>. The advantage of doing it in software versus getting physical hardware is that we can run it alongside the rest of the buildbots on existing hardware, and thus we avoid having to spend extra on powering dedicated hardware, its maintenance and rack space.<br /><br /><h3>Initial set-up</h3>First, we need to install qemu and its utilities. We'll use the MIPS architecture in this case, on an Ubuntu 18.04 64 bit host. If you want to try the PPC architecture, <a href="https://sskaje.me/qemu-powerpc/" target="_blank">this post</a> is a good starting point.<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">apt install qemu-system-mips qemu-utils</span><br /><br />Now, we need to get the appropriate kernel and initrd to do a netboot. You might need to adjust the URL to download the initrd and kernel in the future.<br /><br /><b>Note:</b> the <b>mips</b> architecture is BE. If we wanted to do LE, we would go with <b>mipsel</b> or <b>mips64el</b>. Same goes for PowerPC, however Debian only offers PPC in LE (<b>ppc64el</b>). 
All ARM on Debian is LE.<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">wget http://ftp.debian.org/debian/dists/stretch/main/installer-mips/current/images/malta/netboot/initrd.gz<br />wget http://ftp.debian.org/debian/dists/stretch/main/installer-mips/current/images/malta/netboot/vmlinux-4.9.0-7-4kc-malta</span><br /><br />Now, let's create a qcow2 disk image:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">user@ubuntu:~$ qemu-img create -f qcow2 disk.img 25G<br />Formatting 'disk.img', fmt=qcow2 size=26843545600 cluster_size=65536 lazy_refcounts=off refcount_bits=16</span><br /><br />Where:<br /><ul><li><b>-f qcow2</b> specifies the format, qcow2</li><li><b>disk.img</b> is the resulting file</li><li><b>25G</b> is the maximum size of the disk inside the image. That size is not allocated immediately, the file will keep growing as changes are done (additions/deletion).</li></ul>We are allocating much more than we actually need. A base installation would be fine with 2Gb.<br /><br /><h3>Installation</h3>Now, let's install Debian on the guest. Bear in mind that the installation will most likely take a few hours:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">qemu-system-mips -hda disk.img -kernel vmlinux-4.9.0-7-4kc-malta -initrd initrd.gz -nographic -m 256m </span><br /><br />Where<br /><ul><li><b>-hda</b> points to the disk image</li><li><b>-kernel</b> points to the kernel we downloaded</li><li><b>-initrd</b> points to the netboot install initrd</li><li><b>-nographic</b> will not open a graphic interface and display output in the current console</li><li><b>-m 256m</b> gives 256Mb of memory to the guest. 32 bit kernels are limited to 256Mb of RAM (if unspecified, default for qemu is 128Mb). 64 Bit MIPS qemu can get up to 2047Mb but there isn't any Debian for that. 
If you were to use more than 256Mb, adding <b>"mem=256m@0x0 mem=XXXm@0x90000000"</b> to -append (where XXX is the amount in -m minus 256Mb) <a href="https://people.debian.org/~aurel32/qemu/mips/" target="_blank">might be needed</a></li></ul><br /><b>Note:</b> mips64 would have been preferable because it can support more RAM but Debian doesn't offer that architecture.<br /><br />It will start in the console. Simply follow the instructions like you would to install a regular Debian system. The only two important choices that were made here were to install all files in a single partition (and use the simple guided process when partitioning) and not install any X system due to the low memory.<br /><br />At the end of the installation, a warning window will be displayed mentioning there is no bootloader installed. It is expected, so it's fine.<br /><br /><a href="http://1.bp.blogspot.com/-ikVUyrmLpUw/W7wR46S7Q5I/AAAAAAAAAHM/a98g4e06kXUaXDj0sTD9UIKdnfLlbBINwCK4BGAYYCw/s1600/mips_qemu_no_boot_loader.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="192" src="https://1.bp.blogspot.com/-ikVUyrmLpUw/W7wR46S7Q5I/AAAAAAAAAHM/a98g4e06kXUaXDj0sTD9UIKdnfLlbBINwCK4BGAYYCw/s320/mips_qemu_no_boot_loader.png" width="320" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />A few moments later, Debian will let you know the installation is done. It will not shut down but reboot (and restart with the netinstall if we let it). 
Interrupt the process by closing the terminal window (or hit <b>Ctrl + a, c</b> then input the command '<b>quit</b>' to stop it).<br /><br /><a href="http://2.bp.blogspot.com/-geknjqkcB4U/W7wSeZ_6ikI/AAAAAAAAAHY/HpIGfO504RMwVNMNNKzvxuSAKxxOzQYsQCK4BGAYYCw/s1600/mips_qemu_reboot.png" imageanchor="1"><img border="0" height="192" src="https://2.bp.blogspot.com/-geknjqkcB4U/W7wSeZ_6ikI/AAAAAAAAAHY/HpIGfO504RMwVNMNNKzvxuSAKxxOzQYsQCK4BGAYYCw/s320/mips_qemu_reboot.png" width="320" /></a><br /><br /><br />The initrd we downloaded earlier is for netinstall only; it won't work to boot our system. We'll need to grab the one generated during the installation. For this, we'll mount the qcow2 image we just installed, <b>disk.img</b>. One way to mount it is to use the tools included with Qemu.<br /><br />We first need to load the <b>nbd</b> module:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">sudo modprobe nbd</span><br /><br />Then we connect the image to <b>/dev/nbd0</b> and mount its first partition (because we installed all the files in a single partition) somewhere on our host:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">mkdir qcow<br />sudo qemu-nbd --connect=/dev/nbd0 disk.img <br />sudo mount /dev/nbd0<b>p1</b> qcow</span><br /><br />From there, we'll copy the initrd from <b>/boot</b> then unmount it and disconnect the image:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">cp qcow/boot/initrd.img-4.9.0-7-4kc-malta .<br />sudo umount qcow<br />sudo qemu-nbd --disconnect /dev/nbd0</span><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">rmdir qcow </span><br /><br />Now, let's update our above command line to run our newly installed system:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">sudo qemu-system-mips -hda disk.img -kernel 
vmlinux-4.9.0-7-4kc-malta -initrd <b>initrd.img-4.9.0-7-4kc-malta -append "root=/dev/sda1"</b> -nographic -m 256m -net user,hostfwd=tcp::1022-:22 -net nic</span><br /><br />We also added forwarding to access SSH on the system. Refer to the <a href="https://aircrack-ng.blogspot.com/2018/09/debian-and-freebsd-on-qemu-with-mmx.html" target="_blank">previous blog post</a> for more details about it.<br /><br />After booting, we're greeted with a familiar prompt:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">Debian GNU/Linux 9 debian ttyS0<br /><br />debian login:</span><br /><br />After logging in with the credentials we configured during the installation, running <b>lscpu</b> will give the following result:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">root@debian:~# lscpu<br />Architecture:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; mips<br />Byte Order:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Big Endian<br />CPU(s):&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1<br />On-line CPU(s) list:&nbsp;&nbsp; 0<br />Thread(s) per core:&nbsp;&nbsp;&nbsp; 1<br />Core(s) per socket:&nbsp;&nbsp;&nbsp; 1<br />Socket(s):&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1<br />BogoMIPS:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1161.21</span><br /><br />Which confirms it's a BE system. There are a <a href="https://unix.stackexchange.com/questions/88934/is-there-a-system-command-in-linux-that-reports-the-endianness" target="_blank">number of other ways</a> to determine that.<br /><br />Updating the system will bring a new kernel, and we'll simply have to follow the same procedure as described above when we copied the initrd. 
In this case, get both the new kernel and its corresponding initrd then adjust the qemu command line once again for the next time we boot it (update both <b>-kernel</b> and <b>-initrd</b> entries):<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">sudo qemu-system-mips -hda disk.img -kernel <b>vmlinux-4.9.0-8-4kc-malta</b> -initrd <b>initrd.img-4.9.0-8-4kc-malta</b> -append "root=/dev/sda1" -nographic -m 256m -net user,hostfwd=tcp::1022-:22 -net nic</span><br /><br />Here is what the updated system looks like (<b>uname -a</b>):<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">Linux debian 4.9.0-8-4kc-malta #1 Debian 4.9.110-3+deb9u5 (2018-09-30) mips GNU/Linux</span><br /><br /><h3>Trimming</h3>The qcow2 image will keep growing even if we remove packages or delete files. Reclaiming free space is just a matter of zeroing the disk space left in the guest then recompressing the image on the host after powering it off.<br /><br />The first step is to fill the disk with zeros in the guest using <b>dd</b> then deleting the file. Make sure you have enough disk space on the host before you do that:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">dd if=/dev/zero of=zerofile<br />rm -f zerofile</span><br /><br />Deleting the file is very important or you may end up with an unbootable system. If that happens, just mount the qcow2 image as shown above and delete the file.<br /><br />When done, shut the guest down. If you look at the file, <b>disk.img</b>, on the host, it will take the amount of space we initialized it with, 25Gb. 
Now, recompress it:<br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;"><br />mv disk.img disk.img.bak<br />qemu-img convert -O qcow2 disk.img.bak disk.img</span><br /><br />After installation and updates, it took approximately 1.8Gb and recompressed, 1.6Gb, saving roughly 200Mb.<br /><br /><br />Now, enjoy your new MIPS Big Endian system. Compiling aircrack-ng inside is exactly the same procedure as you would do on a regular x86 Debian system.<h2>Aircrack-ng packages</h2>Published 2018-10-06T13:05:00.003-06:00, updated 2018-10-08T20:52:44.528-06:00, by Mister_X<br /><br />As mentioned in our <a href="https://aircrack-ng.blogspot.com/2018/09/aircrack-ng-14.html" target="_blank">1.4 release blog post</a>, we are now providing packages (repositories) for a "few" Linux distributions (and sometimes multiple versions of each of them):<br /><ul><li>Debian</li><li>Ubuntu</li><li>Mint</li><li>SLES</li><li>OpenSuse</li><li>Fedora</li><li>RHEL</li><li>CentOS</li><li>Amazon Linux</li><li>Elementary OS</li></ul>TL;DR: if all you want is to install the package, head over <a href="https://packagecloud.io/aircrack-ng" target="_blank">here</a>.<br /><br /><h3>Rationale</h3>Packages are an easy and convenient way to install software compared to compiling it.<br /><br />All you have to worry about, after installing a package, is to make sure your system is up to date and there is no need to worry about each individual piece of software anymore. Today's distributions often even check automatically and notify you if updates are available.<br /><br />Another reason is that most Linux distributions often have old versions of Aircrack-ng in their repository, sometimes a few years old. <br /><br />It can be a problem for us when providing support. 
We often end up telling people to uninstall and recompile the latest release or try the current development code where the bug they're experiencing is fixed.<br /><br />If you're a software developer, it's not too hard to figure out how to compile a piece of software, as long as the software is current and is documented. However, in some cases, it can get complicated.<br />And if you're not a developer, it is a daunting task.<br /><br />We recently decided to tackle this issue and provide recent versions via packages, and for multiple OSs.<br /><br /><h3>Why not a snap or a flatpak?</h3>There are more than just those two possibilities, as you can see in <a href="https://www.reddit.com/r/linux/comments/4ohvur/nix_vs_snap_vs_flatpak_what_are_the_differences/" target="_blank">this post</a>, and all of them are still not widely adopted. We may, in the future, offer <a href="https://snapcraft.io/" target="_blank">snaps</a> or <a href="https://www.flatpak.org/" target="_blank">flatpaks</a>.<br /><br /><h3>Buildbots</h3>For <a href="https://en.wikipedia.org/wiki/CI/CD" target="_blank">CI/CD</a>, we have been using buildbots on top of Travis CI and AppVeyor to automatically build Aircrack-ng on multiple platforms and multiple distros. It happens to every commit done to the master branch in our GitHub repository.<br /><br />We recently added a package-building bot to the buildbots for all the distributions mentioned above.<br /><br /><h3>Building packages and dependencies</h3><br />Creating packages for that many distributions is not easy and if we did it the same way package managers do, we would have to keep spending a considerable amount of time and resources. 
So, the decision was made that the best route was to statically compile the latest version of the dependencies into Aircrack-ng.<br /><br />Basically, all the dependencies needed for each binary are built into each of them. What that means practically is that you can take the executable and just copy and paste it on another distro: no matter what packages are installed on that distro and how old or outdated it is, it would just work.<br /><br />It wasn't an easy feat.<br /><br />There is a drawback: the binaries are larger than the ones coming from the distribution itself (or the ones you would compile yourself with the default options), because those are dynamically linked to their dependencies, which are sometimes shared with other software.<br /><br />There is also a huge advantage. As mentioned above, we can support multiple OSes and multiple versions of each of these OSes easily and, as a bonus, you will always have the latest version of the dependencies which are, most of the time, newer than what your distribution is providing. Added bonus: it sometimes fixes bugs found in the library available in the distro.<br /><h3>Repositories</h3>Maintaining repositories to distribute the packages was another issue. We could have gotten an <a href="https://help.ubuntu.com/community/PPA" target="_blank">Ubuntu PPA</a> repository, our own repository for Debian, the different derivatives of SuSe and RedHat but maintaining repositories for different distributions is a time- and resource-consuming task. So, we went with <a href="https://packagecloud.io/aircrack-ng" target="_blank">PackageCloud.io</a> to handle it.<br /><br />They provide instructions on how to add each of the repositories, either manually or automatically via their script. 
Afterward, it is just a matter of installing or updating Aircrack-ng via your package manager.<br /><br />As mentioned, two flavors are available:<br /><ul><li><a href="https://packagecloud.io/aircrack-ng/release" target="_blank">release</a>: Any release published on our website, starting from this release, 1.4</li><li><a href="https://packagecloud.io/aircrack-ng/git" target="_blank">git</a>: for the most adventurous, built from each commit in our GitHub repository, with the latest features and bug fixes. While our repository is fairly stable, it may sometimes have bugs</li></ul>Providing packages also means our package is a drop-in replacement for the existing Aircrack-ng package available from your distro and it will still be working with any package that requires it as a dependency. <br /><br /><h3>Windows</h3>Windows doesn't have any package manager we can leverage. Development binaries for Windows, built from our GitHub repository, are available on <a href="https://ci.appveyor.com/project/aircrack-ng/aircrack-ng" target="_blank">AppVeyor</a>. On that link, select the last target, <b>pkg</b>, then click on the <b>Artifacts</b> tab.<br /><br /><h3>Sauce</h3>To make our life easier so we can focus on the development, it is, like all the CI/CD, automated thanks to our buildbots. The magic sauce is in <a href="https://github.com/aircrack-ng/aircrack-ng/blob/master/build/pipelines/package.yaml" target="_blank">packages.yaml</a> in <b>build/pipelines</b>.<br /><br /><h3>Finally</h3><br />If your distribution is providing an up to date package of Aircrack-ng, we recommend using it instead of our packages. 
That is, unless you are using the <b>git</b> packages.<br /><br />If your distribution isn't in the list of supported ones but uses DEB or RPM packages, you can try overriding the distribution in the PackageCloud installation script.<br /><br />If you have any question about it, please head to our <a href="https://forum.aircrack-ng.org/" target="_blank">forum</a>.<h2>Aircrack-ng 1.4</h2>Published 2018-09-29T13:59:00.000-06:00, updated 2018-09-29T13:59:41.151-06:00, by Mister_X<br /><br />We are pleased to announce our <a href="https://aircrack-ng.org/" target="_blank">third release</a> this year. It focuses a lot on code quality and adds a few visible features:<br /><ul><li>PMKID cracking</li><li>Crack 802.11w capture files</li><li>Speed and memory usage improvement when loading (large) files with Aircrack-ng and Airdecap-ng </li><li>Packages for Linux distributions and Windows</li></ul>While we didn't bring as much as in the previous release, we keep on improving continuous integration/delivery tools and our code quality keeps increasing. 
<br /><br />Other notable changes in this release:<br /><ul><li>Fix building on various platforms</li><li>Improved and tweaked our CI/CD processes</li><li>Using new CI/CD tools for our buildbots and packaging, PyDeployer</li><li>Almost doubled the amount of tests</li></ul><h3>PMKID</h3>On routers with 802.11i/p/r, the AP can cache an "ID" for the connection so roaming clients don't have to waste frames reauthenticating and just use the <a href="https://lets-start-to-learn.blogspot.com/2014/08/pmksa-derivation-and-storage-in-80211i.html">PMKID</a>, which helps decrease the latency a bit (from 6 frames to only 2).<br /><br />The PMKID is calculated this way:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">PMKID = HMAC-SHA1-128(PMK, "PMK Name" | BSSID | STA MAC)</span><br /><br />A big advantage here is that this PMKID is present in the first EAPoL frame of the 4-way handshake.<br /><br />A few caveats about this attack: <br /><ul><li>Sometimes APs send empty PMKID</li><li>It doesn't work on WPA/WPA2 Enterprise networks</li></ul><br />When loading a PCAP, Aircrack-ng will detect if it contains a PMKID. 
In the following screenshot, it is present for the network <b>ogogo</b>; notice the "<b>with PMKID</b>" on the same line:<br /><br /><a href="http://1.bp.blogspot.com/-Xt_rnNcb_SA/W62QM0VOjMI/AAAAAAAAAHA/NPghIpo1q2g8guCmg385Y7PLsMhEV-P9gCK4BGAYYCw/s1600/1.4.png" imageanchor="1"><img border="0" height="157" src="https://1.bp.blogspot.com/-Xt_rnNcb_SA/W62QM0VOjMI/AAAAAAAAAHA/NPghIpo1q2g8guCmg385Y7PLsMhEV-P9gCK4BGAYYCw/s320/1.4.png" width="320" /></a> <br /><br />When selecting the network, it will use it as if it were a regular PCAP with a handshake (and thus the wordlist requirement applies).<br /><br />If you'd like to test, two capture files with PMKID are available in our test files:<br /><ul><li><a href="https://github.com/aircrack-ng/aircrack-ng/raw/master/test/test-pmkid.pcap">test-pmkid.pcap</a></li><li><a href="https://github.com/aircrack-ng/aircrack-ng/raw/master/test/test1.pcap">test1.pcap</a></li></ul><br />More details about the attack itself can be found in <a href="https://hashcat.net/forum/thread-7717.html">this post</a>.<br /><h3>Packages</h3>Distros often have old versions of Aircrack-ng in their repository, sometimes a few years old. We recently decided to tackle this issue to provide recent versions, and for multiple OSs.<br /><br />For <a href="https://en.wikipedia.org/wiki/CI/CD">CI/CD</a>, we have been using buildbots, on top of Travis CI and AppVeyor, to automatically build aircrack-ng on multiple platforms and multiple distros. It happens to every commit done to the master branch in our GitHub repository.<br /><br />We recently added <a href="https://packagecloud.io/aircrack-ng/git">packages</a> building to the buildbots for a bunch of different distros: Debian, Ubuntu, Mint, SLES, OpenSuse, Fedora, RHEL, CentOS, Amazon Linux and Elementary OS. Stable release packages will be available shortly. <br /><br />More details will be provided in a separate blog post. 
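<br /><br />The PMKID calculation from the PMKID section of this post, as an added example (not Aircrack-ng's code): it derives the PMK for a WPA2-PSK network, computes the PMKID, and reads the PMKID out of the key data of a constructed first EAPoL frame, treating an all-zero value as the "empty PMKID" case, so an administrator can check what their own AP discloses. The passphrase-to-PMK step (PBKDF2-HMAC-SHA1, 4096 iterations), the KDE layout, the MAC addresses and every function name are assumptions that do not appear in the post.

```python
import hashlib
import hmac
from typing import Optional

# PMKID KDE header inside EAPOL-Key key data (layout per IEEE 802.11, an
# assumption not stated in the post): element type 0xdd, length 0x14,
# OUI 00-0F-AC, data type 4, followed by the 16-byte PMKID.
PMKID_KDE_HEADER = bytes.fromhex("dd14000fac04")

# Constructed sample values, not taken from a real capture.
SSID = "IEEE"
PASSPHRASE = "password"
BSSID = "02:00:00:00:00:01"
STA_MAC = "02:00:00:00:00:02"


def mac_bytes(mac: str) -> bytes:
    """Turn 'aa:bb:cc:dd:ee:ff' into its 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 6-byte MAC address: {mac!r}")
    return raw


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: the PMK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def compute_pmkid(pmk: bytes, bssid: str, sta_mac: str) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" | BSSID | STA MAC)."""
    message = b"PMK Name" + mac_bytes(bssid) + mac_bytes(sta_mac)
    return hmac.new(pmk, message, hashlib.sha1).digest()[:16]


def extract_pmkid(key_data: bytes) -> Optional[bytes]:
    """Walk the type/length/value elements of the key data and return the
    PMKID, or None when it is absent, truncated or all zeros (empty)."""
    offset = 0
    while offset + 2 <= len(key_data):
        length = key_data[offset + 1]
        element = key_data[offset:offset + 2 + length]
        if len(element) < 2 + length:
            return None  # truncated element: stop instead of misreading
        if element.startswith(PMKID_KDE_HEADER):
            pmkid = element[6:22]
            return None if pmkid == bytes(16) else pmkid
        offset += 2 + length
    return None


def pmkid_matches(passphrase: str, ssid: str, bssid: str, sta_mac: str,
                  key_data: bytes) -> bool:
    """True when the PMKID in key_data is the one this passphrase produces."""
    captured = extract_pmkid(key_data)
    if captured is None:
        return False
    expected = compute_pmkid(derive_pmk(passphrase, ssid), bssid, sta_mac)
    return hmac.compare_digest(captured, expected)


# Constructed key data: one unrelated vendor element, then the PMKID KDE.
SAMPLE_KEY_DATA = (
    bytes.fromhex("dd0400112233")
    + PMKID_KDE_HEADER
    + compute_pmkid(derive_pmk(PASSPHRASE, SSID), BSSID, STA_MAC)
)

if __name__ == "__main__":
    print("PMK:  ", derive_pmk(PASSPHRASE, SSID).hex())
    print("PMKID:", extract_pmkid(SAMPLE_KEY_DATA).hex())
    print("configured passphrase matches:",
          pmkid_matches(PASSPHRASE, SSID, BSSID, STA_MAC, SAMPLE_KEY_DATA))
```

Everything that goes into the PMKID except the passphrase is visible on the air, which is why the wordlist requirement mentioned above is the only barrier once a non-empty PMKID is captured.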
<br /><h2>Debian and FreeBSD on QEMU with MMX-only CPU</h2>Published 2018-09-01T11:45:00.002-06:00, updated 2018-09-16T13:37:59.454-06:00, by Mister_X<br /><br />A recent bug (and <a href="https://github.com/aircrack-ng/aircrack-ng/pull/1943" target="_blank">PR</a>) was opened: aircrack-ng couldn't be built with MMX using a <a href="https://myonlineusb.wordpress.com/2011/06/08/what-is-the-difference-between-i386-i486-i586-i686-i786/" target="_blank">i586</a> toolchain.<br /><br />The PR looks pretty simple and just removed some code to allow building with <a href="https://en.wikipedia.org/wiki/MMX_(instruction_set)" target="_blank">MMX</a>. Building the code will obviously work. There isn't an x86 CPU these days that supports anything less than <a href="https://en.wikipedia.org/wiki/SSE2" target="_blank">SSE2</a>, which was released after MMX.<br /><br />So, let's take the opportunity to use <a href="https://www.qemu.org/" target="_blank">qemu</a> to emulate a MMX-only CPU so we can actually test how it runs on such a CPU after building it.<br /><br />If you aren't familiar, qemu is known to emulate a lot of different CPUs, most of the time to play (old) games and using non-x86 CPUs. It supports a wide range of x86 CPUs too. Using it might sound intimidating but it's actually fairly easy.<br /><br />Pentium MMX, <a href="https://en.wikipedia.org/wiki/Pentium_II" target="_blank">Pentium 2</a> (and probably Celeron of that same generation) as well as a few AMD CPUs support MMX and do not have any SSE/SSE2 instructions.<br /><br />Another feature in the Pentium 2 is <a href="https://en.wikipedia.org/wiki/Physical_Address_Extension" target="_blank">PAE</a> support. Celeron of the same generation typically don't support PAE. Basically, memory was addressed, like the CPU, with 32 bit, which means a limitation of 4Gb of memory. 
PAE extended this to 64 bit, allowing more memory on 32 bit CPUs. The OS also has to support it.<br /><br />The vast majority of Linux distributions these days are built with PAE even if they mention they ship in i386/i486. One exception: Debian. However, Debian derivative distributions don't support non-PAE systems. CentOS 6 or 7 may work too but they haven't been tested.<br /><br />In this example, Ubuntu 18.04 64 bit Desktop was used as a host but it should work on any other currently supported OS. We'll download the latest i386 Debian ISO (XFCE or netinst) on the host.<br /><br />The first step is to install qemu and the required tools:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">apt-get install qemu qemu-system-i386 qemu-tools</span><br /><br />Now, let's create a disk of 10Gb called <b>hda</b>:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">qemu-img create hda 10G</span><br /><br />And finally, we start the VM using qemu:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">qemu-system-i386 -cpu pentium2,enforce -cdrom debian-9.5.0-i386-xfce-CD-1.iso -m 2G -show-cursor -net user,hostfwd=tcp::1022-:22 -net nic hda</span><br /><br />Let's go over the different options.<br /><br /><b><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">-cpu pentium2</span></b> will use a typical Pentium 2 system. Details of that system can be found by running <span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;"><b>man qemu-system-i386</b></span>. The '<span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">enforce</span>' parameter forces qemu to use the instructions of that CPU only. 
By default, qemu will run executables on the host CPU <a href="https://lists.gnu.org/archive/html/qemu-discuss/2017-07/msg00002.html" target="_blank">as shown here</a>, hence the use of enforce, to fully emulate how a program would behave on that CPU.<br /><br />The second option, <b><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">-cdrom debian-9.5.0-i386-xfce-CD-1.iso</span></b>, will mount the ISO inside the emulated system as a CDROM. This option won't be needed once the system is installed.<br /><br /><b><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">-m 2G</span></b> will give 2Gb of RAM to the emulated system. By default, QEMU allocates 128Mb of RAM, which is definitely not enough for Debian; it requires 139Mb. We just raise it to 1Gb to have some margin when we run the desktop.<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;"><b>-show-cursor</b></span> displays the mouse cursor. Otherwise it is invisible. <br /><br /><b><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">-net user,hostfwd=tcp::1022-:22 -net nic </span></b>initializes a NIC so we can access the virtual machine's SSH server from the host. We'll have to connect using <span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">ssh 127.0.0.1 -p 1022</span><br /><br />And finally <span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;"><b>hda</b></span>, the disk we created previously.<br /><br />A screen will pop up. 
The installation process is no different than on a regular computer; it will just take much longer because we are emulating a system.<br /><br />Restarting the virtual machine later on will use the same command as above minus the <b><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">-cdrom</span></b> option.<br /><br />Here is the output of lscpu on the newly created VM:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;"><b>user@debian</b>:~$ lscpu<br />Architecture:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; i686<br />CPU op-mode(s):&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 32-bit<br />Byte Order:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Little Endian<br />CPU(s):&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1<br />On-line CPU(s) list:&nbsp;&nbsp; 0<br />Thread(s) per core:&nbsp;&nbsp;&nbsp; 1<br />Core(s) per socket:&nbsp;&nbsp;&nbsp; 1<br />Socket(s):&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1<br />Vendor ID:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; GenuineIntel<br />CPU family:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6<br />Model:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 5<br />Model name:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Pentium II (Deschutes)<br />Stepping:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2<br />CPU MHz:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2591.957<br />BogoMIPS:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 5183.91<br />Flags:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr 
hypervisor</span><br /><br />I bet you've never seen a Pentium II overclocked that much :) <br /><br />Once we got it compiled, to make sure it isn't executed on the host (that supports anything from MMX to AVX2), we will try running the SSE2 version of the executable:<br /><br /><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">user@debian:~$ aircrack-ng --simd=sse2 -S<br />Illegal instruction</span><br /><br />As expected, it ended up with an <span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;"><b>Illegal instruction</b></span>, which means the CPU is fully emulated in the guest (and not executed directly on the host). Anything other than the generic version will result in that error.<br /><br />So, since the toolchain used is i586, we need to go even further than <b>pentium2</b> and use the <b>pentium</b> CPU in qemu (<a href="https://en.wikipedia.org/wiki/P5_%28microarchitecture%29#P55C" target="_blank">P55C</a>). However, we have a serious issue here: there isn't a Linux distribution that supports i586 anymore, not even Debian. If you try to boot it on such a platform, it will fail to boot the kernel with a CMOV instruction missing error. So, that would leave us with <a href="https://retrocomputing.stackexchange.com/questions/1811/which-linux-or-bsd-distributions-do-still-support-i386-i486-or-i586-cpus" target="_blank">Gentoo</a>.<br /><br />Linux isn't the only option here and BSD supports older CPUs. For example, the latest FreeBSD (11.2) still supports i486 CPUs.<br /><br />The set-up (and results) is identical to what was done for Debian earlier. Installation is straightforward, exactly the same as you would expect on a real system. 
And results will be identical.<br /><br /><br /><br />Mister_Xhttp://www.blogger.com/profile/09131740892046010461noreply@blogger.com0tag:blogger.com,1999:blog-7538555703405721380.post-56758490829174579492018-07-10T19:11:00.000-06:002018-08-25T20:03:06.138-06:00Aircrack-ng 1.3We're bringing more good stuff in <a href="https://aircrack-ng.org/" target="_blank">this release</a>. We've been busy fixing bugs left and right, some of them thanks to Coverity Scan, valgrind and other static code analyzers. <br />We've also refactored some of the code and improved the code quality along the way. We can now successfully build across lots of platforms (Windows, Linux, BSD, OSX) and CPU architectures (x86 and 64 bit, ARM v7, ARM v8, PowerPC, etc)<br /><br />Aircrack-ng gets a speed bump on pretty much all of the CPU architectures we cover: x86/ARM/PPC. The following graph shows the improvements on a Raspberry Pi 3B+. <br /><br /><br /><a href="http://4.bp.blogspot.com/-GOVhDvJmdfM/W0TzpO7Rs0I/AAAAAAAAAFg/d3x_iwKpkf4SI3pEmqsxKAio0rXgpj45ACK4BGAYYCw/s1600/rpi3b-1.2-vs-master-8b32dbb.png" imageanchor="1"><img border="0" height="240" src="https://4.bp.blogspot.com/-GOVhDvJmdfM/W0TzpO7Rs0I/AAAAAAAAAFg/d3x_iwKpkf4SI3pEmqsxKAio0rXgpj45ACK4BGAYYCw/s320/rpi3b-1.2-vs-master-8b32dbb.png" width="320" /></a><br /><br />It may seem that this release is slower than previously (1.2rc3) on non x86 32/64 bit but due to a bug, the cracking speeds were incorrectly calculated. More details can be found in <a href="https://github.com/aircrack-ng/aircrack-ng/issues/1690#issuecomment-395257938" target="_blank">this bug report</a>. On a side note, our benchmark tool is available in <a href="https://github.com/aircrack-ng/aircrack-ng/blob/master/build/benchmark" target="_blank">build/benchmark</a>. 
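<br /><br />Before benchmarking or testing one of the x86 builds (generic, SSE2, AVX, AVX2) on a machine or on an emulated guest like the MMX-only QEMU set-up from the previous post, the CPU flags tell you which builds can execute at all and whether a stock i686 PAE kernel will boot. The script below is an added example, not code from the Aircrack-ng project: the function names are hypothetical, the lowercase build names other than <b>sse2</b> are assumed to mirror that list, and the flag names are the ones Linux prints in lscpu and /proc/cpuinfo.

```shell
#!/bin/sh
# Added example (not Aircrack-ng code): preflight check for a SIMD test machine.
# Function names are hypothetical; flag names are Linux lscpu//proc/cpuinfo names.

# Flags exactly as printed by lscpu in the pentium2 guest shown in the QEMU post.
PENTIUM2_FLAGS="fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr hypervisor"
# Constructed samples: an i586-class (P55C-like) CPU and a modern AVX2 host.
P55C_FLAGS="fpu vme de pse tsc msr mce cx8 mmx"
MODERN_FLAGS="fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov mmx fxsr sse sse2 ssse3 sse4_1 sse4_2 avx avx2"

# has_flag FLAGS NAME: succeeds only if NAME is a whole word in FLAGS,
# so "sse2" never matches "ssse3" and "avx" never matches "avx2".
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# simd_class FLAGS: "mmx-only" is the CPU class the QEMU post wants to emulate.
simd_class() {
    if ! has_flag "$1" mmx; then
        echo "no-mmx"
    elif has_flag "$1" sse || has_flag "$1" sse2; then
        echo "sse-capable"
    else
        echo "mmx-only"
    fi
}

# runnable_simd FLAGS: builds that will not die with "Illegal instruction".
runnable_simd() {
    builds="generic"
    if has_flag "$1" sse2; then builds="$builds sse2"; fi
    if has_flag "$1" avx; then builds="$builds avx"; fi
    if has_flag "$1" avx2; then builds="$builds avx2"; fi
    echo "$builds"
}

# boot_blockers FLAGS: features a stock i686 PAE kernel needs but the CPU lacks.
# Missing cmov is the i586 boot failure described in the QEMU post; missing pae
# rules out most distributions (Debian being the exception named there).
boot_blockers() {
    missing=""
    has_flag "$1" cmov || missing="$missing cmov"
    has_flag "$1" pae || missing="$missing pae"
    echo "${missing# }"
}

# report LABEL FLAGS: one summary line per CPU.
report() {
    printf '%s: class=%s runnable=[%s] missing=[%s]\n' \
        "$1" "$(simd_class "$2")" "$(runnable_simd "$2")" "$(boot_blockers "$2")"
}

report "pentium2 guest (flags from the post)" "$PENTIUM2_FLAGS"
report "P55C-like CPU (constructed)" "$P55C_FLAGS"
report "modern host (constructed)" "$MODERN_FLAGS"

# On a Linux x86 system, also report the CPU this script is running on.
if [ -r /proc/cpuinfo ]; then
    live_flags=$(sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' /proc/cpuinfo | head -n 1)
    if [ -n "$live_flags" ]; then
        report "this machine" "$live_flags"
    fi
fi
```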
<br /><br />Here is a benchmark for the <a href="http://nanopi.org/NanoPi-NEO2_Feature.html">NanoPi NEO2</a>:<br /><br /><br /><a href="http://4.bp.blogspot.com/-VkMBxG1pIyo/W0U4yv-KXUI/AAAAAAAAAGk/9VNHgO-wUI0pfuH-zaTw8qUtLrCos44hwCK4BGAYYCw/s1600/nanopi_neo2.png" imageanchor="1"><img border="0" height="232" src="https://4.bp.blogspot.com/-VkMBxG1pIyo/W0U4yv-KXUI/AAAAAAAAAGk/9VNHgO-wUI0pfuH-zaTw8qUtLrCos44hwCK4BGAYYCw/s320/nanopi_neo2.png" width="320" /></a><br /><br />We had the chance to test Aircrack-ng on a 96-core ARM system ...<br /><br /><br /><a href="http://2.bp.blogspot.com/-TgKQilMnvRw/W0T0rVaeQrI/AAAAAAAAAGM/NFuZurIqZu8UICmP1MQVP_-tyKhnyf6WgCK4BGAYYCw/s1600/benchmark.png" imageanchor="1"><img border="0" height="232" src="https://2.bp.blogspot.com/-TgKQilMnvRw/W0T0rVaeQrI/AAAAAAAAAGM/NFuZurIqZu8UICmP1MQVP_-tyKhnyf6WgCK4BGAYYCw/s320/benchmark.png" width="320" /></a><br /><br /><br />... and an IBM Power8 with 160 cores <br /><br /><br /><a href="http://1.bp.blogspot.com/-Ubk9YZwuUTY/W0VUB9RmjbI/AAAAAAAAAG0/QWbe-o5pxbc5So5ICMlV0utDVd7WdaE4wCK4BGAYYCw/s1600/benchmark.png" imageanchor="1"><img border="0" height="232" src="https://1.bp.blogspot.com/-Ubk9YZwuUTY/W0VUB9RmjbI/AAAAAAAAAG0/QWbe-o5pxbc5So5ICMlV0utDVd7WdaE4wCK4BGAYYCw/s320/benchmark.png" style="cursor: move;" width="320" /></a><br /><br />You can see a significant performance improvement in this release (with the blue line) and you can expect more optimizations in the future, those systems have a lot of potential. <br /><br />A long-awaited feature has been added: the ability to pause cracking and restart later on. If you intend to pause the cracking at some point in time, start a cracking session with <b>--new-session</b>. You'll be able to restore it using <b>--restore-session</b>. In both cases, the session status is updated every 10 minutes. It works with WEP and WPA/WPA2. 
Two limitations though: it can only be used with wordlists and they must be files.<br /><br />Internal changes to aircrack-ng itself make it even better than 1.2. It is now back to a single binary. It still compiles the different possible optimizations for a CPU type and loads the fastest optimization based on what the current CPU supports. In the case of x86, the following optimizations will be compiled:<br />- generic<br />- SSE2<br />- AVX<br />- AVX2<br /><br />AVX512 is also available but it is strongly recommended to compile it in only if the CPU running aircrack-ng supports it (configure with <b>--with-avx512</b>). <br /><br />Support for <a href="http://jemalloc.net/" target="_blank">Jemalloc</a> and <a href="https://gperftools.github.io/gperftools/tcmalloc.html" target="_blank">tcmalloc</a> was added. They used to provide improvements over the system malloc but testing on Ubuntu 16.04 (x86) showed the system malloc is faster in both cases:<br /><br /><a href="http://1.bp.blogspot.com/-k01HunDLNX8/W0T0WkZsD_I/AAAAAAAAAFs/tndGueqvWdgLx5GyA3qG1unYQacRYjZGgCK4BGAYYCw/s1600/jemalloc36.png" imageanchor="1"><img border="0" height="240" src="https://1.bp.blogspot.com/-k01HunDLNX8/W0T0WkZsD_I/AAAAAAAAAFs/tndGueqvWdgLx5GyA3qG1unYQacRYjZGgCK4BGAYYCw/s320/jemalloc36.png" width="320" /></a><a href="http://2.bp.blogspot.com/-0iCEjmZqDv4/W0T0W0dAUuI/AAAAAAAAAF0/PxqSd7IUZJEjBfgWJXY7bkwxSJFYfr-swCK4BGAYYCw/s1600/tcmalloc24.png" imageanchor="1"><img border="0" height="240" src="https://2.bp.blogspot.com/-0iCEjmZqDv4/W0T0W0dAUuI/AAAAAAAAAF0/PxqSd7IUZJEjBfgWJXY7bkwxSJFYfr-swCK4BGAYYCw/s320/tcmalloc24.png" width="320" /></a><br /><br />Last, but not least for aircrack-ng, it now supports Hashcat HCCAPx files as input file to crack.<br /><br /><br />Other changes worth noting:<br /><br />- Airodump-ng adds a new option to override background detection, <b>--background</b> and can now handle GCMP and CCMP-256 encryption.<br />- dcrack sees a few improvements, mostly 
internal fixes as well as a few to better handle errors and corner cases<br />- Documentation improvements: use of hex wordlists, compilation on OSX, experimental tools compilation<br />- WPE: Logging Response-Identity and display of NETNTLM hash in Hashcat format for HostAPd-WPE and updated building instructions for Freeradius-WPE 3.0.17 <br />- Code reformatted using clang-format. The <a href="https://github.com/aircrack-ng/aircrack-ng/blob/master/.clang-format" target="_blank">formatting file</a> has been provided for use with IDE (or through the command line itself using <a href="https://clang.llvm.org/docs/ClangFormatStyleOptions.html" target="_blank">clang-format</a>)<br />- Typos fixed thanks to codespell <br />- and much more!Mister_Xhttp://www.blogger.com/profile/09131740892046010461noreply@blogger.com0tag:blogger.com,1999:blog-7538555703405721380.post-72820847116954445112018-04-15T18:03:00.001-06:002018-04-15T18:36:03.013-06:00Aircrack-ng 1.2It's been way too long since the last stable release.<br /><br />Compared to the last stable, 1.1, almost 8 years ago, <a href="https://aircrack-ng.org/">this release </a>has a huge amount of improvements and fixes. The changelog since 1.1 is almost 300 lines long (1200+ commits). Code quality has improved, in part thanks to <a href="https://scan.coverity.com/projects/aircrack-ng">Coverity Scan</a>. We now switched to <a href="https://github.com/aircrack-ng/aircrack-ng/">GitHub</a> completely and have a few buildbots (including one for Windows) to test building and run the test suite on different platforms.<br /><br />The build system has switched to autotools, which fixes and improves building on a number of different platforms, CPUs and compilers (gcc, clang and Intel).<br />Aircrack-ng is now a lot faster on recent CPUs (up to 3 times) and a trampoline binary automatically chooses the best executable for your CPU instructions. There is no need to change any of the commands, it is done transparently. 
Both of those changes will make distro package builders' task easier; they won't have to worry about how to build it to be compatible with the most CPUs.<br /><br />Continuing with Aircrack-ng, it can also output WPA hashes to EWSA and hashcat format for processing with those tools.<br /><br />There is 802.11 support in airodump-ng with HT40+/HT40- channels and it now displays the rate correctly for 802.11n or 802.11ac Access Points. For those using GPS, it now supports the recent version of GPSd with JSON.<br /><br />Airmon-ng itself has a number of improvements in chipset/driver detection. The most notable improvements, on top of new chipset/driver detection, are the support for FreeBSD and, on Linux, the support for the <a href="https://github.com/seemoo-lab/nexmon">Nexmon</a> driver (monitor mode driver) on the Raspberry Pi 3 (and 0 Wireless) using Kali. Airtun-ng now supports WPA/2.<br /><br />For the folks following our release candidates, this doesn't bring much compared to <a href="https://aircrack-ng.blogspot.com/2018/04/aircrack-ng-12-release-candidate-5.html">rc5</a>, just a few small fixes and UTF8 ESSID support in airodump-ng and aireplay-ng. So, if you are already running <a href="https://aircrack-ng.blogspot.com/2018/04/aircrack-ng-12-release-candidate-5.html">1.2rc5</a>, updating is merely advised; otherwise, it is highly recommended.<br /><br /><br /><b>Changelog from rc5:</b><br /><br /><ul><li>General: Fixed compiling Windows binaries and updated README.md/INSTALLING. </li><li>General: Fixed commands to install dependencies on Debian/Ubuntu and FreeBSD. </li><li>General: Added command to install dependencies on Fedora/CentOS/RHEL. </li><li>General: Removed packages/ directory. </li><li>General: Added Alpine Linux and Kali Linux buildbots. 
</li><li>General: Fixed configure with <span style="font-size: x-small;"><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">--with-libpcap-include=/somewhere/include</span></span> and <span style="font-size: x-small;"><span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">--with-libpcap-lib=/somewhere/lib</span></span>. </li><li>General: Fixed search for ethtool when running as a non-root user. </li><li>General: Various fixes. </li><li>Airmon-ng: Fixed mktemp on Alpine Linux. </li></ul>Mister_Xhttp://www.blogger.com/profile/09131740892046010461noreply@blogger.com0tag:blogger.com,1999:blog-7538555703405721380.post-1607732412953071722018-04-03T19:09:00.001-06:002018-04-03T19:09:13.087-06:00Aircrack-ng 1.2 Release Candidate 5On top of tons of fixes and improvements everywhere (and on multiple platforms), <a href="https://aircrack-ng.org/">this release</a> switched to autotools which allows compiling on more platforms. A trampoline binary has been added for Aircrack-ng to automatically select the fastest version for your CPU features. 
It will also help package maintainers greatly.<br /><br />A few other notable mentions:<br /><ul><li>Airodump-ng supports setting HT40+/HT40- channels and now displays 802.11n and 802.11ac rates.</li><li>Created WPA Enterprise WPE patches for HostAPd and Freeradius</li><li>Support to export to HCCAPx for Hashcat v3.6+</li><li>Added <a href="https://github.com/Caesurus/airventriloquist">Airventriloquist-ng</a>, a tool from Caesurus.</li><li>Airmon-ng supports setting <a href="https://github.com/seemoo-lab/nexmon">Nexmon</a> devices in/out of monitor mode on Kali</li></ul><br /><br /><b>Changelog</b><br /><br /><ul><li>General: Switching to autotools which allows compiling on more platforms.</li><li>General: Updated README.md and INSTALLING files.</li><li>General: Fixed compilation on a lot of platforms.</li><li>General: Fixed compilation warnings across platforms and compilers.</li><li>General: Fixed typos in the tools and in manpages.</li><li>General: Replace %d/ld with %u/lu for unsigned printf parameters.</li><li>General: Added option to disable stack protector.</li><li>General: Improved makefile to get reproducible builds.</li><li>General: Fixed compilation with OpenSSL 1.1.0.</li><li>General: Updated radiotap parsing code.</li><li>General: Updated all URLs to use HTTPS.</li><li>General: Fixed compilation with libreSSL.</li><li>General: Added WPS 2.0 test PCAP.</li><li>General: Do not use stackguard on Windows.</li><li>General: Fixed warnings on GCC7.</li><li>General: Improved code quality using Coverity Scan.</li><li>General: Added badges for Coverity scan and Intel compiler buildbot</li><li>Aircrack-ng: Use trampoline binary to automatically select fastest executable depending on the CPU</li><li>Aircrack-ng: Fixed missing include for linecount.</li><li>Aircrack-ng: Fixed concurrency issues when reading multiple WEP PCAP.</li><li>Aircrack-ng: Added support for creating HCCAPx file format.</li><li>Airodump-ng: Get the channel from HT 
information.</li><li>Airodump-ng: Detect WPS 2.x.</li><li>Airodump-ng: Also check current directory for OUI file.</li><li>Airodump-ng: Fixed writing ESSID to CSV, Kismet CSV and Kismet NetXML files when ESSID gets decloaked and cloaked length was 1.</li><li>Aireplay-ng: Added deauthentication reason code option.</li><li>Aireplay-ng: Increase amount of AP to test when running injection test.</li><li>Airodump-ng: Fixed 802.11a channel hopping list.</li><li>Airodump-ng: Fix creation of .xor files.</li><li>Airodump-ng: Added support for HT channels (HT20/HT40-/HT40+).</li><li>Airodump-ng: Now displaying correct rate for 802.11n or 802.11ac AP.</li><li>Airmon-ng: Fixed checking for processes.</li><li>Airmon-ng: Fixed display of "cannot access '/sys/class/ieee80211/': No such file or directory".</li><li>Airmon-ng: Fixed bashisms.</li><li>Airmon-ng: Fixed display of specific drivers.</li><li>Airmon-ng: Fixed display of cards on the sdio bus.</li><li>Airmon-ng: Now supports nexmon driver on RPi 3 (and 0 Wireless) using Kali Linux.</li><li>Airmon-ng: Added identification for another realtek chipset and generic Ralink/MT.</li><li>Airmon-ng: Handle 2 types of rfkill commands and updated unblock text.</li><li>Airmon-ng: more portable modinfo usage.</li><li>Airmon-ng: remove grep -P references upon request.</li><li>Airmon-ng: Do not replace driver name by ?????? 
when driver is valid.</li><li>Airgraph-ng: Removed irrelevant comment in README.</li><li>Airgraph-ng: Handle SSID with double quotes.</li><li>Airgraph-ng: Fixed parsing OUI file.</li><li>Airdrop-ng: Updated lorcon2 installation instructions.</li><li>Besside-ng: Fixed 'wi_read(): No child processes' error.</li><li>Airdecloak-ng: Fixed segfault due to NULL pointer dereference.</li><li>osdep: Remove wi_set_channel(1) on open wifi interface (cygwin).</li><li>osdep: Fixed RAW socket resource leak.</li><li>Patches: Created WPE patches and documentation for current HostAPd and Freeradius versions.</li><li>Airodump-ng: Fix incorrect if conditions which always are false.</li><li>Airodump-ng: Remove useless not NULL check.</li><li>Airventriloquist: New tool from https://github.com/Caesurus/airventriloquist/</li><li>dcrack: Fixed indentation.</li><li>TravisCI: Fixed compilation on OSX.</li><li>AppVeyor: Added support for AppVeyor, CI for cygwin builds.</li></ul>Mister_Xhttp://www.blogger.com/profile/09131740892046010461noreply@blogger.com0tag:blogger.com,1999:blog-7538555703405721380.post-80670181004631897512018-03-11T11:01:00.002-06:002018-03-11T11:01:40.318-06:00Migration to GitHubWe have been wanting to migrate to GitHub for quite some time. We already had subversion to GitHub synchronization, so some of the work was already done. What was left were tickets. <br />We now finally migrated completely to GitHub.<br /><br /><br />It was a lot more complicated than it sounds because we had tickets on trac and issues + pull requests on GitHub. One of the key migration goals was to replicate the data in such a way as to near perfectly clone it; all while not bothering our entire user base with GitHub notifications.<br /><br /><a href="https://twitter.com/jbenden">Joe Benden</a> did most of the work. He is the same person who helped us migrate to autotools. I did not expect such a level of professionalism and perfectionism in the work. 
We probably had a total of 10 to 15 test-runs, each taking 1 to 2 days to complete and a lot of discussions to find the best solutions to issues/limitations we came across. Each test run was followed by review and feedback to improve it on the next run.<br /><br /><br />All the trac tickets are correctly linked to each other and have their attachments. We had some ticket numbers skipped in trac, due to spam some time ago. Luckily, the GitHub API allows skipping issue numbers. A lot of fine tuning was done to do it the way we wanted. One of the items was ticket linking, which was sometimes done in different ways (<b>#123</b> or <b>https://trac.aircrack-ng.org/tickets/123</b> or sometimes <b>hxxp:// trac.aircrack-ng.org/tickets/123</b>). Even URLs were corrected where needed, along with a bunch of other small details.<br /><br /><br />Attachments were a big issue since we wanted to keep them and GitHub pretty much only allows text files or pictures in issues. Anything else is out of the question. The best solution we could think of was to store them in a <a href="https://github.com/aircrack-ng/trac-attachments">repository</a>, GitHub only limiting large attachments, which wasn't a problem in this case. On the filesystem, trac doesn't organize them neatly in directories, by names. Instead, it uses some kind of hashing algorithm and it is necessary to look them up in the trac database to match them with the tickets and create a script to batch rename them.<br /><br /><br />Surprisingly, migrated trac tickets look much better than migrated GitHub issues. They look OK but that is due to GitHub API limitations.<br /><br /><br />One of the decisions was to avoid spamming people with notifications, so all the tickets are created with the Aircrack-ng account. 
GitHub doesn't allow setting the creation date or the author (there is a mix of email addresses, anonymous authors or just username-looking reporters) and with almost 2000 tickets, the best solution was to write down the author and date/time in the issues themselves.<br /><br /><br />Pull requests are tricky: they can't be migrated from one repo to another, period, even when using the API. So, we now have a copy of the existing ones, without a link to the code change. So, if you had a PR in the old repository and can recreate it in the new one, it would be great. The GitHub API also has some kinds of limitation regarding closed PR/issues.<br /><br /><br />The reason why we decided to create another repository has to do with importing trac tickets and numbering. Matching would have been way too complicated if we appended to the existing repository. On top of that, if it failed somehow, we had no way of going back. It would also have complicated testing significantly.<br /><br /><br />Finally, while doing the migration, we noticed that the paid accounts don't have as much rate-limiting as the free accounts and the migration went a lot faster than expected. Just a few hours vs 2 days.<br /><br /><br />We kept the old repository and renamed it <a href="https://github.com/aircrack-ng/aircrack-ng-archive/">aircrack-ng-archive</a> in case we need to look back at some issue/PR history.Mister_Xhttp://www.blogger.com/profile/09131740892046010461noreply@blogger.com0tag:blogger.com,1999:blog-7538555703405721380.post-54410901344213616062017-10-16T17:21:00.002-06:002017-11-08T11:55:40.375-07:00KRACK WPA Vulnerability - Key Reinstallation AttaCK<b>TL;DR at the end.</b><br /><br /><h2>Short summary</h2>It is a new vulnerability in the WPA handshake implementation that allows, in certain cases, decrypting a lot of/all the WPA traffic without knowing the key (and it won't reveal the key).<br /><br />Most devices are affected but Linux and Android are most affected. 
Patching will fix the issue.<br /><br />The attack works if you are connecting to a legitimate access point, which means the attacker has to be in range of both devices. If you are far away from your legitimate AP (such as traveling), it won't affect you.<br /><br />Proof of concept code (to test the vulnerability) hasn't been published yet.<br /><h2>Who needs to worry?</h2>Businesses and governments are more likely at risk due to (trade) secrets and personal information they handle.<br /><br />Even though your device(s) are most likely vulnerable, there is no reason to worry. It is a bad flaw but the chance of it being exploited is low, especially considering the PoC hasn't been published yet.<br /><br />To put it in comparison, there are still WEP access points around but that doesn't mean they are attacked all the time. However, it isn't a reason to keep vulnerable stuff around; fix (or replace) it.<br /><h2>More details please</h2><iframe src="https://player.vimeo.com/video/238827849" width="640" height="360" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe><br /><ul><li>A <a href="https://www.krackattacks.com/" target="_blank">very detailed website</a></li><li>Original <a href="https://papers.mathyvanhoef.com/ccs2017.pdf" target="_blank">paper </a></li></ul><h3>CVEs</h3><ul><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13077" target="_blank">CVE-2017-13077</a>: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.</li><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13078" target="_blank">CVE-2017-13078</a>: Reinstallation of the group key (GTK) in the 4-way handshake.</li><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13079" target="_blank">CVE-2017-13079</a>: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.</li><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13080" target="_blank">CVE-2017-13080</a>: 
Reinstallation of the group key (GTK) in the group key handshake.</li><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13081" target="_blank">CVE-2017-13081</a>: Reinstallation of the integrity group key (IGTK) in the group key handshake.</li><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13082" target="_blank">CVE-2017-13082</a>: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.</li><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13084" target="_blank">CVE-2017-13084</a>: Reinstallation of the STK key in the PeerKey handshake.</li><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13086" target="_blank">CVE-2017-13086</a>: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.</li><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13087" target="_blank">CVE-2017-13087</a>: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.</li><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13088" target="_blank">CVE-2017-13088</a>: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.</li></ul><h3>CWE</h3><ul><li><a href="https://cwe.mitre.org/data/definitions/323.html" target="_blank">CWE-323</a>: Reusing a Nonce, Key Pair in Encryption</li></ul><br />You might also want to check out <a href="https://arstechnica.com/information-technology/2017/10/how-the-krack-attack-destroys-nearly-all-wi-fi-security/" target="_blank">Ars Technica</a> (even though their title is a bit dramatic in my opinion), the <a href="http://www.kb.cert.org/vuls/id/228519" target="_blank">US CERT advisory</a>, which includes some affected vendors, and the <a href="https://www.fixkrack.com/" target="_blank">FixKrack</a> website.<br /><h2>How to 
test it?</h2>Mathy Vanhoef, the author of this vulnerability, posted tools on his <a href="https://github.com/vanhoefm/krackattacks-scripts">GitHub</a> to test AP/client vulnerability.<br /><h2>How to fix it?</h2>Update (or patch) your systems when updates are available, plain and simple (and keep them up to date).<br /><br />Some vendors as well as some Linux distributions already provided a fix and if you keep your devices up to date, then they should already be patched. For other devices, you are dependent on the vendor to provide a patch.<br /><br />If your (vulnerable) device is End of Life, it might be a good time to replace it (it is probably not the only vulnerability in it).<br /><br />A list of vendor responses is available <a href="https://github.com/kristate/krackinfo#vendor-response-complete" target="_blank">here</a> and <a href="https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/">here</a>.<br /><h2>TL;DR</h2>Don't worry, another day, another vulnerability. Just <a href="https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/" target="_blank">patch/update</a> your stuff (computers, cellphone/tablets, AP/routers, IoT) and keep them updated. 
Businesses/governments should contact their vendors for a patch/press release regarding the vulnerability (devices are not always vulnerable) and if you are running an EoL device, it might be a good time to replace it.<br /><br />Posted by Mister_X (http://www.blogger.com/profile/09131740892046010461)<br /><br /><b>On drivers, rtl8812au, WN722N, monitor mode, QCA6174, other news and status of linux-backports aka compat-wireless</b> (published 2017-08-15T19:50:00.002-06:00, updated 2017-08-16T15:27:58.554-06:00)<br /><br />When discussing in the forum/IRC, it feels that I'm repeating the same things again and again.<br /><br />I deal with Wi-Fi, play with packets and develop around it every day so all that stuff is fairly easy for me but I realize it is not always obvious. Some of it is because a quick search in <b>THE Google</b> ;) or the Aircrack-ng forums or Kali forum would give you the answer.<br /><br />So here is a summary of some of the things I can think of.<br /><br /><h2>Using another driver</h2>I sometimes see questions or statements like this: "<i>This Broadcom driver doesn't work in AP/monitor mode, can I use ath9k for my (Broadcom) card?</i>" or "<i>Can I just use the Airpcap driver to get monitor mode in Windows?</i>"<br />The answer to both of those is no. Drivers are made for a specific chipset (which is integrated on a wireless card) or a bunch of them that behave similarly. <br /><br />Some will say this is wrong and they are partially correct: the only choice you have is pretty much <b>VENDOR_DRIVER</b> or an open source driver, and the <b>VENDOR_DRIVER</b> doesn't support monitor mode, so it is out of the question. Yes, <b>VENDOR_DRIVER</b> can sometimes be made to support monitor mode, but it won't do it out of the box. <b>Spoiler alert</b>: manufacturers don't care about monitor mode.<br /><br />You can't just use another driver because the other one works better. 
If you look at the internals in the code, you will see they are all very different. Some of them even require a firmware (and even a specific version) to be loaded so they can work.<br />Most firmware is closed source, so if a card behaves badly or crashes, the only thing that you can do is bother the manufacturer to fix it; Linux kernel driver developers often can't do much about it.<br /><br />If you feel adventurous, start developing or fixing bugs in the wireless drivers; Linux kernel developers always need help. If you can't, search and report bugs and provide useful information.<br /><br /><h2>Driver not working for card</h2>This issue got exacerbated recently with rtl8812au and newer cards being released. If you look at drivers, you'll notice that they contain a list of USB IDs (or PCI IDs if the card is on the PCIe bus) for the known cards using the driver.<br />When a card is plugged into the system, the kernel reads its ID and matches it with the appropriate driver.<br /><br />Developers have a limited set of cards they can test stuff on and new cards with different IDs get released from time to time. So a driver, even though it would work with a specific card, will not be loaded and attached to the card because it doesn't have the card's IDs. Even if you force loading the driver (modprobe/insmod), it will not work.<br /><br />To support the new card, that ID table must be updated and the driver recompiled.<br /><br /><h2>rtl8812au support</h2>The driver, from <a href="https://github.com/astsam/rtl8812au" target="_blank">astsam</a>, which is also built as a <a href="https://www.kali.org/news/kali-linux-20171-release/" target="_blank">package for Kali</a>, supports monitor mode and injection.<br /><br />This driver, as is, will most likely never be supported by airmon-ng. The reason is that it is kind of a Frankenstein driver and it doesn't behave the same way any other driver does. 
It mixes the old ieee80211 stack and the newer mac/cfg80211 stack.<br /><br />Aircrack-ng tools can be used with it as long as it is in monitor mode but putting it in monitor mode is done in an unusual way (check out the README.md on their GitHub for details in the link above).<br /><br /><h2>Embedded chipsets</h2>Those are tricky and most of them won't support monitor mode or even injection. The reason behind it is that they need to use as little power as possible, so your phone can last longer.<br /><br />There are a few exceptions though:<br /><ul><li>Raspberry Pi 3 or Zero Wireless using Nexmon drivers: monitor mode and injection. For those who played with Kali images with the <a href="https://github.com/seemoo-lab/nexmon" target="_blank">NexMon driver,</a> if you download the current version of <a href="http://svn.aircrack-ng.org/trunk/scripts/airmon-ng" target="_blank">airmon-ng</a> (in our subversion repository), it helps put the card in monitor mode (even though it's an easy command, it's one less command to remember).</li><li>Nokia N900: Capture and injection in 802.11bg (no n). With a 5000mAh battery and capturing 802.11 frames, the battery will last at most 4 hours and the chip emits a decent amount of heat. That 5000mAh battery usually gives 4-5 days in normal use.</li><li>G1 (I think): same driver as N900 AFAIK.</li><li>ESP8266 (and similar): they seem to support 802.11n in monitor mode (and limited injection?) but those are Arduino-type boards with an 802.11n chip.</li></ul>So, to sum it up, your Android will most likely not have monitor mode (if you want it, you'll need to use <a href="https://www.kali.org/kali-linux-nethunter/" target="_blank">NetHunter</a> and a compatible card).<br />If you're using iOS, forget it, Apple doesn't care about it, that will never happen.<br /><br /><h2>Monitor mode</h2>We often see people wondering why they can't catch a handshake or data or see any traffic even though their device is connected. 
What happens is that the card you have probably doesn't support capturing in the mode your connected device is using. Some cards that advertise 802.11n/ac capabilities sometimes cannot capture in that mode (and you are limited to 802.11bg); this is a limitation of either the driver or the firmware.<br /><br />802.11n/ac adds some more complexity: the card might also not have enough streams (remember those 2x2, 1x1, 3x3?) to capture the traffic. If the station is using 2 streams to send/receive data to the Access Point and your capture card is 1 stream, then, even assuming it can capture in n or ac, it will not be able to see the traffic.<br /><br />There are other possible issues but those are the most common explanations.<br /><br /><h2>QCA6174 (ath10k)</h2>In summary, that card is a PoS. Firmware crashes very often (even for normal operations that would work with any other card) and it is very unlikely it will be fixed. It supports monitor mode but will not give a single packet.<br /><br />The firmware being closed source, kernel developers are pretty much giving up on that specific chipset.<br /><br />Ath10k, most of the time, works fine but this specific chipset is doomed. Throw it away and switch to an <a href="https://wikidevi.com/wiki/Ath9k" target="_blank">ath9k</a> compatible card, you won't regret it (or just use a supported USB card).<br />Or if you want to stick with it, you can bother Atheros (now Qualcomm) about it. <br /><br /><h2>TP-Link WN722N</h2>TP-Link recently released a new version of the card (with a different chipset, some Realtek IIRC) and when you buy this card, you don't get the AR9170 chipset (ath9k_htc) anymore.<br /><br />For those using it in AP mode (as well as any other card using the <b>ath9k_htc</b> driver), there is a limit on the number of stations it can handle (between 5 and 8). 
It is a physical limitation, not a driver one.<br /><br /><h2>Linux-backports, aka compat-wireless</h2>People also misname it combat-wireless, which is pretty funny.<br /><br />Linux-backports is the latest name and is supposed to bring the latest updates to drivers for pretty much any kernel so you don't have to recompile the whole kernel. Recompiling a kernel is a daunting task, especially if you want to do it right (keeping up with security updates, making sure stuff still works, not breaking other stuff in your distro).<br /><br />So, when you download, let's say linux-backport-4.1, it will bring the latest updates in the wireless drivers from kernel 4.1. The numbers here refer to the kernel version.<br /><br />Unfortunately, due to lack of time, they haven't been updated in a long time. If you are able to compile them (most likely not due to the amount of changes), you will downgrade your wireless drivers.<br /><br /><b>TL;DR</b>: DON'T USE COMPAT-WIRELESS/LINUX-BACKPORTS ANYMORE.<br /><br /><h2>So, any more good news?</h2><ul><li>ath9k works fine in all modes. If you want to create a cheap attack box, look into the PCEngines APU.</li><li>Some Ubiquiti 802.11ac APs can be used to capture in 802.11ac mode (with 3 or 4 streams depending on the unit you buy), either out of the box or when flashed with OpenWrt.</li><li>If you do a lot of GPU cracking and like AWS, Kali released <a href="https://www.kali.org/news/cloud-cracking-with-cuda-gpu/" target="_blank">instances</a> ready to be used with hashcat. No need to install drivers or anything.</li><li>Kali now has a book called <a href="https://kali.training/" target="_blank">Kali Revealed</a>, you can either read it online or buy a hard copy on Amazon. 
</li></ul><br />Posted by Mister_X (http://www.blogger.com/profile/09131740892046010461)<br /><br /><b>Lesser known feature of aircrack-ng: interactive mode and keys</b> (published 2017-08-09T15:14:00.004-06:00, updated 2017-08-09T15:14:50.716-06:00)<br /><br />Airodump-ng has an interactive mode and all the keys are detailed in the <a href="http://aircrack-ng.org/doku.php?id=airodump-ng#interaction" target="_blank">wiki</a>. We'll go through some of them here.<br /><br />The <b>spacebar</b> is probably the most useful as it can pause the display of airodump-ng such as when you notice something on the screen.<br />Don't worry, only the display is paused and it keeps capturing, saving all the files in the background. When hitting the <b>spacebar</b> again, it will go back to normal and refresh the screen with the current data.<br /><br />Let's explore some of the interactive parameters (excerpt from the wiki):<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://4.bp.blogspot.com/-UghtrLeJNEg/WYt6kr_0eJI/AAAAAAAAAEY/SKc33psPGtYMXHwe-ZZRRkuLbFlHccwhQCLcBGAs/s1600/interaction.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="355" data-original-width="925" height="243" src="https://4.bp.blogspot.com/-UghtrLeJNEg/WYt6kr_0eJI/AAAAAAAAAEY/SKc33psPGtYMXHwe-ZZRRkuLbFlHccwhQCLcBGAs/s640/interaction.png" width="640" /></a></div><br /><br />The screen refresh can be adjusted with the '<b>--update</b>' parameter. So if you want it refreshed every 5 seconds instead of the 1 second default, add '--update 5' to your airodump-ng command.<br /><br /><br />Now let's scroll through the access points list using Tab. Use the arrows <b>UP</b> and <b>DOWN</b> to navigate in the list.<br /><br />The most useful feature in my opinion is the coloring one: '<b>m</b>'. Once you hit that key, it will color the AP selected. To switch to other colors, keep hitting 'm'. 
You will notice that the associated stations will have the same color as the access point.<br /><br />Another key is '<b>s</b>'. It will change the sorting. Be careful, sorting can sometimes be off because the list of Access Points changes. In order to reset sorting (to the default 'Power'), use the '<b>d</b>' key.<br /><br />If you can't remember what the keys are, remember that every tool in the suite has a corresponding manual page. In this case '<b>man airodump-ng</b>'. Look for "<b>INTERACTION</b>" in that page.<br /><br />Posted by Mister_X (http://www.blogger.com/profile/09131740892046010461)<br /><br /><b>Lesser known features of Aircrack-ng</b> (published 2017-03-27T14:29:00.004-06:00, updated 2017-03-27T14:31:28.209-06:00)<br /><br />I recently received an email suggesting adding features to aircrack-ng. Even though most of the stuff can be found in the <a href="https://www.aircrack-ng.org/doku.php">documentation</a>, it might be worth talking about. <br /><h1>Reading from compressed wordlist</h1>Aircrack-ng can read words from a pipe, which is very convenient: you can use pretty much any program to generate words and display them on the screen (each line will be considered a word) and pass them to aircrack-ng.<br /><br />About compressed files, there are tools to decompress files on the fly and display the output on the screen such as <a href="https://linux.die.net/man/1/zcat">zcat</a>, which takes care of gzip-compressed files (there are others and most compression/decompression tools have a feature to display decompressed output to the screen).<br /><br />Here is what it would look like:<br /><br /><code>zcat file.gz | aircrack-ng pcap_to_crack.pcap -w -</code><br /><br />In this example, it decompresses <b>file.gz</b> and '<b>cat</b>'s the result to the screen, then we pipe it to aircrack-ng. 
Aircrack-ng reads wordlist files using <b>-w</b> and in order to tell it to get the words from a pipe (to be technical, stdout from the previous command becomes stdin in aircrack-ng), you have to use '<b>-</b>' as the parameter for <b>-w</b>. <br /><br /><h1>Rainbow tables</h1><a href="https://www.aircrack-ng.org/doku.php?id=airolib-ng">airolib-ng</a> can generate tables (in <a href="https://www.sqlite.org/" target="_blank">SQLite</a> format) or import them from cowpatty's format. Once the table is generated, use <b>-r</b> in aircrack-ng to read them (instead of a wordlist). <br /><h1>Distributed cracking</h1>There is a tool in the script/ directory to do that called <a href="https://svn.aircrack-ng.org/trunk/scripts/dcrack.py">dcrack.py</a>. As a matter of fact, check out that entire directory, there are a few useful scripts in there. <br /><br />Running the script will give you a help screen. Here is what the architecture looks like to better understand the different parameters:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-akC34DlMKxA/WNl0mh4aBZI/AAAAAAAAADw/EouzKV2ECXw9zNyFDXQhS7iiy_J5Gs1HQCLcB/s1600/dcrack.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://1.bp.blogspot.com/-akC34DlMKxA/WNl0mh4aBZI/AAAAAAAAADw/EouzKV2ECXw9zNyFDXQhS7iiy_J5Gs1HQCLcB/s320/dcrack.png" width="296" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">The different clients represent the cracking systems, the server coordinates everything based on the performance of each client. 
Each client joining the server will have its performance assessed and when a wordlist is uploaded, it will be split according to each client's performance so they all take the same amount of time to process the dictionary.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">The laptop (you) sends commands to the server to upload a dictionary, to upload capture files, to start the cracking process and to obtain the status of the cracking process (as well as the key).</div><div class="separator" style="clear: both; text-align: left;"><br /></div>When uploading a PCAP file, it is highly recommended to clean it up and just leave a beacon as well as the 4 EAPoL packets (or fewer if you have fewer) of the 4-way handshake or you'll risk aircrack-ng choosing the wrong packets when cracking. There is a <a href="http://aircrack-ng.org/doku.php?id=wpa_capture" target="_blank">tutorial about it in the wiki</a>.<br /><br />Posted by Mister_X (http://www.blogger.com/profile/09131740892046010461)<br /><br /><b>iw monitor mode flags</b> (published 2017-02-20T22:00:00.001-07:00, updated 2017-02-20T22:47:24.661-07:00)<br /><br />Out of curiosity, I looked at <span style="font-family: &quot;courier new&quot; , &quot;courier&quot; , monospace;">iw </span>to set monitor mode and it has the following flags:<br /><br /><a href="http://3.bp.blogspot.com/-blchVy9I18U/WKvUXPTJPiI/AAAAAAAAADg/0TTUgLtt6i8WANbHe7jrGAMvGuf0ybf6QCK4B/s1600/iw.png" imageanchor="1"><img border="0" height="79" src="https://3.bp.blogspot.com/-blchVy9I18U/WKvUXPTJPiI/AAAAAAAAADg/0TTUgLtt6i8WANbHe7jrGAMvGuf0ybf6QCK4B/s320/iw.png" width="320" /></a><br /><br />Pretty much all of them seem pretty self-explanatory but it's worth giving more details about each of them:<br /><ul><li><b>fcsfail</b>: <a href="https://en.wikipedia.org/wiki/Frame_check_sequence" target="_blank">FCS</a> (Frame Check Sequence) is the 
checksum of the frame (CRC32), to make sure it was received correctly. By default, a driver should only forward valid frames to the monitor mode interface. This flag allows you to also receive frames that fail the check. One use could be monitoring the quality of a wireless network.</li><li><b>control</b>: There are 3 types of frames: <a href="https://en.wikipedia.org/wiki/IEEE_802.11#Layer_2_.E2.80.93_Datagrams" target="_blank">data, management and control</a>. Data is pretty obvious. Management frames help maintain and control a connection (beacons, probe request/response, authentication, association, deauthentication, disassociation, etc). Control frames help facilitate the transmission of frames between devices (ACK, RTS, CTS, etc). This is hardware-dependent.</li><li><b>otherbss</b>: It would allow receiving frames from other <a href="https://en.wikipedia.org/wiki/Service_set_(802.11_network)" target="_blank">BSS</a> (other than the ones to/from the access point the card is connected to or the clients this access point is serving). This is hardware-dependent.</li><li><b>cook</b>: Refers to a mode for <a href="https://w1.fi/hostapd/" target="_blank">HostAPd</a> dealing with authentication frames that mac80211 didn't actually look at. It is only for <b>ancient</b> versions of HostAPd.</li><li><b>active</b>: ACKs are time-sensitive and software is too slow to answer quickly enough, so this is done in the hardware itself instead of in software. If an ACK is not received within a certain amount of time, the frame will be considered as lost and a new frame with the <a href="https://en.wikipedia.org/wiki/IEEE_802.11#Layer_2_.E2.80.93_Datagrams" target="_blank">retry flag</a> will be sent. 
The only exception would be <b>very</b> long distance links: the longer the link, the longer it takes for a frame to arrive and in some <b>rare</b> cases, software could be fast enough.</li></ul><div><br /></div><div>TL;DR: <b>none</b> is what you need.</div><br />Posted by Mister_X (http://www.blogger.com/profile/09131740892046010461)<br /><br /><b>Aircrack-ng compilation matrix</b> (published 2016-02-15T20:28:00.001-07:00, updated 2016-02-15T20:28:15.823-07:00)<br /><br />I tried to compile Aircrack-ng on a 'few' systems to see how it works and I was quite surprised by the number of systems it can be compiled on (and most of the time, it can be compiled with both <a href="https://gcc.gnu.org/" target="_blank">gcc</a> and <a href="http://clang.llvm.org/" target="_blank">clang</a>).<br /><br />Here is the status for the current development code (<a href="https://trac.aircrack-ng.org/changeset/2846" target="_blank">r2846</a>). I will update this matrix and add more details from time to time.<br /><br /><br /><table> <caption>On x86 (32/64 bit)</caption> <thead><tr> <th></th> <th>GCC</th> <th>Clang/LLVM</th> </tr></thead> <tbody><tr> <td><b>Linux</b></td> <td><span style="color: green;">Yes</span></td> <td><span style="color: green;">Yes</span></td> </tr><tr> <td><b>OpenWrt</b></td> <td><span style="color: green;">Yes</span></td> <td>Untested</td> </tr><tr> <td><b>Cygwin 32 bit</b></td> <td><span style="color: green;">Yes</span></td> <td><span style="color: green;">Yes</span></td> </tr><tr> <td><b>Cygwin 64 bit</b></td> <td><span style="color: green;">Yes</span></td> <td><a href="https://trac.aircrack-ng.org/ticket/1674"><span style="color: red;">No</span></a></td> </tr><tr> <td><b>OSX (Travis CI)</b></td> <td><span style="color: green;">Yes</span></td> <td><span style="color: green;">Yes</span></td> </tr><tr> <td><b>FreeBSD</b></td> <td><a href="https://trac.aircrack-ng.org/ticket/1673"><span style="color: red;">No</span></a></td> <td><span 
style="color: green;">Yes</span></td> </tr><tr> <td><b>OpenBSD</b></td> <td><span style="color: green;">Yes</span></td> <td><span style="color: green;">Yes</span></td> </tr><tr> <td><b>NetBSD</b></td> <td>Untested</td> <td>Untested</td> </tr><tr> <td><b>DragonFlyBSD</b></td> <td><span style="color: green;">Yes</span></td> <td>No package</td> </tr><tr> <td><b>Solaris</b></td> <td><span style="color: green;">Yes</span></td> <td><span style="color: green;">Yes</span></td> </tr></tbody></table><br /><br /><table> <caption>Other CPUs (Linux)</caption> <thead><tr> <th></th> <th>GCC</th> <th>Clang/LLVM</th> </tr></thead> <tbody><tr> <td><b>ARM 32 bit</b></td> <td><span style="color: green;">Yes</span></td> <td><span style="color: green;">Yes</span></td> </tr><tr> <td><b>ARM 64 bit</b></td> <td><span style="color: green;">Yes</span></td> <td>Untested</td> </tr><tr> <td><b>MIPS</b></td> <td><span style="color: green;">Yes</span></td> <td><span style="color: red;">No</span></td> </tr></tbody></table><br />Posted by Mister_X (http://www.blogger.com/profile/09131740892046010461)<br /><br /><b>Aircrack-ng 1.2 Release Candidate 4</b> (published 2016-02-14T19:34:00.001-07:00, updated 2016-02-14T19:34:26.805-07:00)<br /><br /><a href="http://aircrack-ng.org/">Fourth release candidate</a>. There will be another one, some small bugs still need to be fixed but it should happen fairly soon. 
On top of a big speed increase (up to 175% increase) that also fixes compilation on Cygwin 64 bit, it includes a ton of fixes and improvements on Linux, *BSD, Solaris and Cygwin on x86 and Linux on ARM and MIPS.<br /><br /><b>Changelog</b><br /><br /><ul><li>Airodump-ng: Increase console window size.</li><li>Aircrack-ng: Added time remaining and percentage done when doing WPA cracking with a dictionary (file).</li><li>Aircrack-ng: Make benchmark last 15 seconds for a more accurate value.</li><li>Aircrack-ng: Fixed compilation on Cygwin 64 and drastically improved cracking speed for all CPUs (up to +175% performance).</li><li>Airmon-ng: Improved chipset detection on FreeBSD.</li><li>Airmon-ng: Display chipset for some Broadcom SDIO.</li><li>Airbase-ng: Fixed broadcasting 'default'.</li><li>General: Updated and cleaned up TravisCI file to test compilation and testing on OSX.</li><li>General: Fixed reading large files on Cygwin.</li><li>General: Fixed a bunch of compilation warnings with gcc and clang.</li><li>General: Fixed compilation on Solaris, OpenBSD, DragonFlyBSD 4.4, NetBSD, OSX.</li><li>General: Fixed compilation on ARM and MIPS.</li><li>General: Improved compatibility on FreeBSD and Cygwin (RAM and CPU detection).</li><li>General: Fixed gcc segfault on cygwin.</li><li>General: Memory cleanups, fixed memory leaks and fixed other issues reported by Valgrind.</li><li>Testing: Fixes on various OSes.</li><li>INSTALLING: Updated installation instructions for different OS.</li><li>TravisCI: Improved file.</li></ul><br />Posted by Mister_X (http://www.blogger.com/profile/09131740892046010461)<br /><br /><b>Cracking speed improvements</b> (published 2015-12-30T01:52:00.001-07:00, updated 2015-12-30T02:08:51.341-07:00)<br /><br />Almost 8 years ago, we got a pretty big improvement with SSE2 code to crack WPA, a nice upgrade from MMX.<br /><br />I recently posted a bug bounty to fix the <a href="https://trac.aircrack-ng.org/ticket/1128" target="_blank">compilation 
of Aircrack-ng on Cygwin 64 bit</a>. It's been working fine on Linux 64 bit but for some reason, Cygwin didn't like it when compiling on 64 bit.<br />We couldn't have tested it back then since Cygwin 64 bit didn't exist at the time.<br /><br />darkfires took up the challenge to fix the compilation on Cygwin 64 bit. After that, he helped fix a bunch of memory leaks and other issues as well as improving cracking speed quite a bit, which is the reason for this post.<br /><br />The task was pretty daunting and a lot of testing was needed to make sure it works on the different CPU architectures (x86 32 and 64 bit, various ARM) and different OSes (Cygwin, Linux, BSD, Solaris, OSX).<br />On top of the usual 'fixing something on one, breaking on the other', here are three examples of how complicated it was:<br /><br /><ul><li>Different CPUs support different features and instruction sets and detecting them wasn't an easy task. For example, on Raspberry Pi (v1), gcc supports '<a href="http://www.arm.com/products/processors/technologies/neon.php" target="_blank">neon</a>' and we can compile aircrack-ng with them but the CPU itself doesn't support them which means aircrack-ng crashes and it has to be disabled. On the Beaglebone, the CPU supports neon instructions.</li><li>gcc can compile with AVX2 instructions on x86. However, if the CPU doesn't support it, aircrack-ng will crash with a nice error: 'Illegal instruction'.</li><li>Some code that works to get CPU features (such as MMX, SSE, <a href="https://en.wikipedia.org/wiki/Advanced_Vector_Extensions" target="_blank">AVX</a>) works on some CPUs and doesn't on others.</li></ul>There is no way to explain in detail how complicated it was to make it work on all those different combinations of CPUs and OSes. 
darkfires has spent countless hours making all of this work.<br /><br />To give you an idea how much work has been done, the patch was ~375Kb and ~11K lines long.<br /><br />On top of it, the Aircrack-ng CPU detection code has been rewritten on x86 to give more details. Here is what 'aircrack-ng -u' now looks like:<br /><br /><span style="font-family: Courier New, Courier, monospace;">Vendor &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;= Intel</span><br /><span style="font-family: Courier New, Courier, monospace;">Model &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; = Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz</span><br /><span style="font-family: Courier New, Courier, monospace;">Features &nbsp; &nbsp; &nbsp; &nbsp;= MMX,SSE,SSE2,SSE3,SSSE3,SSE4.1,SSE4.2,AVX</span><br /><span style="font-family: Courier New, Courier, monospace;">Hyper-Threading = Yes</span><br /><span style="font-family: Courier New, Courier, monospace;">Logical CPUs &nbsp; &nbsp;= 8</span><br /><span style="font-family: Courier New, Courier, monospace;">CPU cores &nbsp; &nbsp; &nbsp; = 4</span><br /><span style="font-family: Courier New, Courier, monospace;">SIMD size &nbsp; &nbsp; &nbsp; = 4 (128 bit)</span><br /><br />Last but not least, here are the numbers.<br /><br /><table border="1" cellspacing="3" style="width: 100%px;"><tbody><tr><th></th><th>1.2rc3</th><th>r2800</th><th>Increase</th></tr><tr><td>Celeron M 1.4Ghz</td><td>138k/s</td><td>152k/s</td><td>+10%</td></tr><tr><td>i7-2630QM</td><td>~3000k/s</td><td>~4000k/s</td><td>+33%</td></tr><tr><td>E3-1231 v3</td><td>~4900k/s</td><td>~13100k/s</td><td>+167%</td></tr><tr><td>i5-4590</td><td>~4700k/s</td><td>~11600k/s</td><td>+146%</td></tr><tr><td>i7-6700K</td><td>~6200k/s</td><td>~17100k/s</td><td>+175%</td></tr></tbody></table><br />It's still pretty far from GPU cracking speeds but there are pretty significant gains thanks to AVX. 
The second version provides the most gains as you can see in the numbers above.<br /><br />Bonus thing: if you are a package maintainer, you can compile aircrack-ng with different improvements. Simply edit <b><i>common.cfg</i></b>, set <b><i>MULTIBIN=true</i></b>, and running <b><i>make</i></b> will compile 3 different versions: the original, SSE and SIMD.<br /><br />We have tested it quite a bit on different CPUs and OSes but please test it a lot (simply get the <a href="http://aircrack-ng.org/doku.php?id=install_aircrack#latest_svn_development_sources" target="_blank">latest revision from our subversion repository</a>) and report back to us. Let us know how it works for you, what kind of improvements you're getting and we especially want to hear <a href="http://forum.aircrack-ng.org/" target="_blank">if you have bugs</a>. If you have a recent AMD CPU, we want to hear from you.<br /><br />The plan is to make another release candidate in about 2 weeks.<br /><br />Posted by Mister_X (http://www.blogger.com/profile/09131740892046010461)<br /><br /><b>Aircrack-ng 1.2 Release Candidate 3</b> (published 2015-11-21T16:04:00.005-07:00, updated 2016-02-14T19:31:48.241-07:00)<br /><br /><a href="http://aircrack-ng.org/">Third release candidate</a> and hopefully this should be the last one. It contains a ton of bug fixes, code cleanup, improvements and compilation fixes everywhere. 
Some features were added: AppArmor profiles, better FreeBSD support, including an airmon-ng for FreeBSD.<br /><br /><b>Changelog</b><br /><br /><ul><li>Airodump-ng: Prevent sending signal to init which caused the system to reboot/shutdown.</li><li>Airbase-ng: Allow to use a user-specified ANonce instead of a randomized one when doing the 4-way handshake</li><li>Aircrack-ng: Fixed compilation warnings.</li><li>Aircrack-ng: Removed redundant NULL check and fixed typo in another one.</li><li>Aircrack-ng: Workaround for segfault when compiling aircrack-ng with clang and gcrypt and running a check.</li><li>Airmon-ng: Created version for FreeBSD.</li><li>Airmon-ng: Prevent passing invalid values as channel.</li><li>Airmon-ng: Handle udev renaming interfaces.</li><li>Airmon-ng: Better handling of rfkill.</li><li>Airmon-ng: Updated OUI URL.</li><li>Airmon-ng: Fix VM detection.</li><li>Airmon-ng: Make lsusb optional if there doesn't seem to be a usb bus. Improve pci detection slightly.</li><li>Airmon-ng: Various cleanup and fixes (including wording and typos).</li><li>Airmon-ng: Display iw errors.</li><li>Airmon-ng: Improved handling of non-monitor interfaces.</li><li>Airmon-ng: Fixed error when running 'check kill'.</li><li>Airdrop-ng: Display error instead of stack trace.</li><li>Airmon-ng: Fixed bashism.</li><li>Airdecap-ng: Allow specifying output file names.</li><li>Airtun-ng: Added missing parameter to help screen.</li><li>Besside-ng-crawler: Removed reference to darkircop.org (non-existent subdomain).</li><li>Airgraph-ng: Display error when no graph type is specified.</li><li>Airgraph-ng: Fixed make install.</li><li>Manpages: Fixed, updated and improved airodump-ng, airmon-ng, aircrack-ng, airbase-ng and aireplay-ng manpages.</li><li>Aircrack-ng GUI: Fixes issues with wordlists selection.</li><li>OSdep: Add missing RADIOTAP_SUPPORT_OVERRIDES check.</li><li>OSdep: Fix possible infinite loop.</li><li>OSdep: Use a default MTU of 1500 (Linux only).</li><li>OSdep: Fixed 
compilation on OSX.</li><li>AppArmor: Improved and added profiles.</li><li>General: Fixed warnings reported by clang.</li><li>General: Updated TravisCI configuration file</li><li>General: Fixed typos in various tools.</li><li>General: Fixed clang warning about 'gcry_thread_cbs()' being deprecated with gcrypt &gt; 1.6.0.</li><li>General: Fixed compilation on cygwin due to undefined reference to GUID_DEVCLASS_NET</li><li>General: Fixed compilation with musl libc.</li><li>General: Improved testing and added test cases (make check).</li><li>General: Improved mutexes handling in various tools.</li><li>General: Fixed memory leaks, use after free, null termination and return values in various tools and OSdep.</li><li>General: Fixed compilation on FreeBSD.</li><li>General: Various fixes and improvements to README (wording, compilation, etc).</li><li>General: Updated copyrights in help screen.</li></ul><br />Posted by Mister_X (http://www.blogger.com/profile/09131740892046010461)<br /><br /><b>Aircrack-ng 1.2 Release Candidate 2</b> (published 2015-04-10T07:28:00.001-06:00, updated 2015-04-10T07:28:41.499-06:00)<br /><br />Here is the <a href="http://aircrack-ng.org/">second release candidate</a>. Along with a LOT of fixes, it improves the support for the Airodump-ng scan visualizer. Airmon-zc is mature and is now renamed to Airmon-ng. Also, Airtun-ng is now able to encrypt and decrypt WPA on top of WEP. 
Another big change is that recent versions of GPSd now work very well with Airodump-ng.<br /><br /><b>Changelog</b><br /><br /><ul><li>Airtun-ng: Adds WPA CCMP and TKIP decryption and CCMP encryption</li><li>Compilation: Added support for DUMA.</li><li>Makefile: Renamed 'unstable' to 'experimental'.</li><li>Airodump-ng: Fixed XML sanitizing.</li><li>Airmon-ng: Airmon-zc is now stable enough to replace airmon-ng.</li><li>Manpages: Removed airdriver-ng manpage and references to it (forgot to do it before the previous release).</li><li>Manpages: Updated 'see also' references in all manpages.</li><li>PCRE: Added it in various places and docs.</li><li>WZCook: Fixed processing values stored in register.</li><li>Updated a few header files (if_llc, ieee80211, ethernet and if_arp).</li><li>Travis CI: updated make parameter and add testing with pcre.</li><li>Compilation: de-hardcode -lpcap to allow specifying pcap libraries.</li><li>Makefile: Fixed installing/uninstalling Airdrop-ng documentation files.</li><li>Makefile: Fixed uninstalling ext_scripts.</li><li>Airodump-ng: Added new paths (and removed one) for OUI files and simplified logic to find the OUI file.</li><li>Aircrack-ng: Fixed ignoring -p when specified after -S.</li><li>Airmon-ng: fixes for openwrt busybox ps/grep issues which do not seem present in other versions of busybox</li><li>Airmon-ng: fix vm detection.</li><li>Airserv-ng: Fixed channel setting (and assert call).</li><li>Airodump-ng: Fixes to NetXML (unassociated clients missing and various other small bugs) and update the code to match current NetXML output.</li><li>Airodump-ng: Removed requirement for 2 packets before AP is written to output (text) files.</li><li>Airodump-ng: Fixed formatting of ESSID and display of WPA/WPA2 (as well as a bunch of other small fixes) in CSV file.</li><li>Airodump-ng: Fixed GPSd.</li><li>Airodump-ng: Allow to specify write interval for CSV, kismet CSV and NetXML files.</li><li>Airserv-ng: Fixed wrong station data displayed in 
Airodump-ng.</li><li>General: Fixed 64 bit promotion issues.</li><li>General: Fixed a bunch of uninitialized values and non-zeroed structures (upon allocating them).</li><li>General: Added Stack protection.</li><li>Various other small fixes and improvements.</li></ul>Posted by Mister_X<br /><br /><b>Aircrack-ng 1.2 Release candidate 1</b> (2014-10-31, updated 2014-11-15)<br /><br />Here is the <a href="http://www.aircrack-ng.org/" target="_blank">first release candidate</a>. I was wrong about saying there would be a fourth beta in <a href="http://aircrack-ng.blogspot.com/2014/03/aircrack-ng-12-beta-3-release.html" target="_blank">the post of the previous release</a>. This is exactly 7 months after the last beta. There will most likely be another one, then the final release in the next few months.<br /><br />Updating is highly recommended as this contains a lot of bug fixes and improvements as well as security fixes (CVE-2014-8321, CVE-2014-8322, CVE-2014-8323 and CVE-2014-8324). More details can be found in the blog.<br /><br />Changelog:<br /><ul class="bbc_list"><li>Airodump-ng should be able to parse the canonical oui file.</li><li>Airodump-ng: Fixed GPS stack overflow.</li><li>Airodump-ng: Fixed stopping cleanly with Ctrl-C.</li><li>Airmon-zc: better handling for when modules are not available (incomplete)</li><li>Airmon-zc: users can now start the monitor interface again to change channels</li><li>Airmon-zc: update to use ip instead of ifconfig if available.</li><li>Airmon-zc: better handling of devices without pci bus</li><li>Aireplay-ng: Fixed tcp_test stack overflow.</li><li>OSdep: Fixed libnl detection. 
Also avoid detection on non-Linux systems.</li><li>OSdep: Fixed segmentation fault that happens with a malicious server.</li><li>Besside-ng: Add regular expression matching for the SSID.</li><li>Buddy-ng: Fixed segmentation fault.</li><li>Makefile: Fixed 'commands commence before first target' error when building Aircrack-ng.</li><li>Fixed segfault when changing the optimization when compiling with gcc thanks to Ramiro Polla.</li><li>Removed airdriver-ng (outdated and not meant for today's kernels)</li><li>Added gitignore file.</li><li>Fixed build issues on other compilers by using stdint.h types.</li><li>Updating installation file and added pkg-config as a requirement.</li><li>Various small fixes and improvements.</li></ul>Posted by Mister_X<br /><br /><b>Comcast xfinitywifi and hidden wifi network</b> (2014-06-10)<br /><br />Recently, on Twitter, I talked about Comcast and their xfinitywifi network. Here is the full story.<br /><br />If you have Comcast and a recent modem from them such as <a href="http://www.cabletv.com/images/cabletv/new/comcast/xinternet-content4.jpg.pagespeed.ic.zBBrNORFHa.jpg" target="_blank">one of those</a>, it creates by default a wireless network called <b>xfinitywifi</b> (if it doesn't now, it will do it soon). 
This is so that other people with Comcast can log in to it and have Internet access when they are traveling.<br /><br />It's a pretty good idea since it does not use any of your bandwidth (<a href="http://arstechnica.com/information-technology/2014/02/comcast-customer-surprised-to-learn-new-router-is-also-public-hotspot/" target="_blank">based on what they say</a> and Slashdot had <a href="http://mobile.slashdot.org/story/14/06/10/1751255/comcast-converting-50000-houston-home-routers-into-public-wifi-hotspots" target="_blank">a story today from the Houston Chronicle</a>) but it could slow down your wireless network since it is on the same channel. However, I really don't like the way they implemented it: it is enabled by default and you can only disable it when logged in to your account online; there is not a single mention of it in the modem configuration. It's also a bad idea because you can easily fake it to steal credentials (it's an Open network, no encryption).<br /><br />Unfortunately, I had to spend quite a lot of time with their tech/customer service to figure it out and get it disabled (their first attempt to disable it failed). And they will try to convince you to leave it. I knew they have access to the cable modem and they can reset/upgrade the firmware. What's really worrying is that they can access all the settings of the modem, including the wireless settings and they could tell me what my WiFi settings were. They might also be able to access your network.<br /><br />Moving on. Another issue I mentioned to their tech was that there was another wireless network alongside xfinitywifi and my personal network. A hidden network with the same security settings as my personal network (or it's just a coincidence I use the same settings as them). The MAC address is also very similar to the one of your modem. What changes is the first byte. 
<br />As of now (last time I spoke to them was 2 or 3 weeks ago at least), this hidden network is still there and I have absolutely no idea what that network is. So, I'll disable the wireless on the modem and have another AP between the modem and my network. Here is a picture of the network (let me know if you'd like a PCAP).<br /><br /><img alt="" height="243" src="data:&lt;;base64,
6tchHhciCIouyWI8ZHmE9YvUIcgDCa/e4Io3/YIQxwjxmTWpc3RyaBEDIsPEAQMFeSeQQuoljzkxkQb56AWsiC4LtHFBkVpcIIGq4d0IIhJg18YhFsFKMuGMlhUK5boQjhGpTDkQYQgRI4C9ydaVAIsvqhMA0sykUAABEGLNGzOqbZb11osiCLNYrkoNKxiAEpCQJEoQ2JHIQ85jRQ6SDiIEANg7ou0YKEsDG1ROIR5QbtCMhouOiEnSbNWYMiE8Q7JUeDdBElgS7lRCJ5ZPU1REbtKO67KGhLcSc6KhSIm4cp1AorVs4QogwQizETKNkJIEedYQoMlEkoshUMlIoV9Ul1sAw6qowTS2DZEWyy5KNjooNMeGILDmB5JTFeoT1iOEQo0dQ7cx9rUZeE78LlRMCIWK4eAihYL8Y5CgWooiYT2R1yYr8G1HEq02SaL9IFInVpbgtVEMIIRCxrC4ZQCzYrYRqRwqFCkffbznEQMRChBu/ubWbpQEBClEkRRav5673FIqf+gQxZ2Qaxq42pQhRl+sUbbLspNUwglSUZaVOFiFElxHWYc6AEAchCxEGBICInJBKGMuG+XnoAkIUACHm4znIiHarRwO078tLNkJklo8niijYrIRIHt8coqNaUSRen4pYfUOXJAAIUSDErC4JIlawnVMkBy0kFAoVjlceSAhhiNmrmmmI9hex0tCXUZZoR0YKxRvE6BnWBFS3fVOpRkiIpIh2SayLcKIWipuOkmSlTpFsEDGY1aOGSXzYRu1PYiGOAEDMmSHEgt0qi3Xah8uyQBSRIJbhEwmRRPtF754MslDrJIQ3pCDG5Db3rgIgYjkLBFCw/SZT7UihUOGoukUQZiBmoatvuLZkJIQoEiGSokjUvUGh+FaNmGc4c4NqbJqaCyAgkiCJtbLkoDWxKfQjkQV1CDZmDIjRI4ZHkHPrdRBRmkfqgyYEQIgYA29IFR1YEuo0ugkRoiiKiACBCLF8MlFE0XnJu8zIYp3TpvCGNMQYG6d4BKq7lOEsABDBdo5qRwrluhaOEDEIcw0N00E8Bhsn8aYdGSkUbdXIsXxc4zSBEUhD/597gBBFtIvOy3QRpiZXkIosCbVAqIWIRZjFjAEzRoiYZui3Cgj0UQpcbeaEAAAho+OM7TB7SbBb/XVvhYAQxUkIgQBAzHD6tgBA0VHj/dCXRZuz/lfekIZYk2uyXgIVACDDxUHECvZzkrOWlgoK5boTjhBihFmIWAiD+uglhCiKQGSRDtWkUAJ+jzGcBSK2ibyAEEJCFFm0SUItbZ5uXgUpyoqoSA4J1yKsYzgzQjyACEJ8bb6lCWnsPosYLgFALNqtPj2ChBBZsjM8UTUkxCyrSyayKPlq45Ylh9N+jiMpmLO4+R0BAQQxBt6QBiESnZepk5tCuW6EI4QIsW4LwGgdSQgBRFYUiUpGCiXITzKGMyHMNVFPOAghUWRJqJNFG3X8Xxv52LAOjSCL9ZjVY9aMEI8QAwLKR1XnRTs6AEDVNYlZC4SM6KyShFrg9bhWJCdRFIiRGhOEdaw+WVFEn+OyZdEukPMsAAzfqB0bIk4g1nOGdhAgwVFNCwOF0sqFI4QIIhZhBgIU4PmlNoTJIlHU1aXplyWFElwN54yYMTTRLIAQQkUWJOdlWXLSEWkxICAlyVkrC/UQsYhV16HRQ8QSoATpjYvCUHuXGCUAAIAYA495zBpFx0VFcl59oEwUJ8CudxDBrJk3EKftnG/tKDkU228ASAyXACFWh3I3aEfEssZ2ADKi4yJ1KFAorVM4QgghYiFiEAo4MxkEgCiKSGSJKBJ9KFAowYMYHjH6phpADaEiOUXnJTobc6zpRyI7Fdkp43qMdYjRYcYEEQcgAUQtCs37FEWY4RIQ4kRntSS4NSgThShOQIzuS9FgzswSUbBZPSZ3bDDLgtNWSQBhuSQIEQGK6/WBIMPpUwCEgv0CoK8JCqV1CUd1nh23ETCaKIRKRgolvJrGMKwRoqZaHob
IAlWNMa0gZVGSRSjWy7gWMXrMmRDiAcCgYbHWJpSuV7UgEQAAwKwJIR4xOslZo0iC2k39SjdHt2LLcgmAEMFu9TnKisiiUG8FBLC6JAgRcevvCBHD6dsACEWblb4vKJRWIhwbFoAJbgQMUSRZkYgi0c9HCiX0ygYZ1oCwromCV2Sn5LxMVWMLkI/qQuGSQxbrEaPDnAlBHUKsqu1I03Vz9IwGgZhlURKDjaJQLYl1RBYVyUkIufp1QABEDJ9IiCI6Lvgca0UUUbBXAgA5XSIEqHFNG0AAgZDhdG0AIYL9IqA9bimUli0cIUKICWoEDCCEyIqsTspIJSOFEg6Y0SNGD2CT9G1UZKfouOSzMZESsyiyoMiiLNoaxl9jHiJeFW2hFBE/M/IEeSZEkDVwmMdcneS8pK4RAzHvcSCEiOWTACCi/YJP3yGRJdFuhRAxfIL7CjoEEAgxq2tDiCI5quloLQqlRQpHCDFEOAjJSAggRJYURSKKTDvaUyhhgzDLcGojdROoRolO1thyaViERpZsCDGYMSDOiBEPEBf1C/novE4AgQQAABFmUBxmLERx+nkvEIgxp2ujrkPjs7ApsuCs/40QmeUTAcTu2hFhljekIcQJ9vN0figKpSUJRwghdF9pWuNZRgBRBEWdx5uOmKZQIqp3iGEMELFRDxgAokgOSailqrHlC0hFdUBCqR4hHjN6xBgQ5gDEQQysbhxkAz1KR/CikjS8ILDO72mEAIRYPhFAKNgqffd3VCTBXgkIYXRJ0G3yc0IUiDCrTwLAb19JCoUSc8IxuO6MqmQUFUUCRKaT7FAokYMwBxmd97vaUwSGoTUkhyTU+lsLhNIS9SORRVkWFcmGcC3EPMNZEOYJZKIxKQ/w6XR07WuQjxplkRAAEcsnEiL7G+9CZEmwWwEELJ8EPLQjxKwuCQDitFXSXk8USkwLRwhh4xowWOuLk0pGCiX6H2wMZvSNjdRRHPQAiSxIQh1Vja1UPyqy5ACSUxZtmNVh1oyxHkAGhjRuJqz+tIG6TBIIIMsnAaKI9iqffRaJIgk2K1APc4twg99Rl0wIUR2TNKMplBgUjhAiBmMeIkj8PwsIIUQRFVmkPZcplOhWQMzoEcNHPViiSJJQS8dQXwcCUpScouSsw6ye4SwI6yFiIHTNtkuu6L0gGrSj8uVCAEGI4fQpAEDRUeWvzVq0V0KIMWuGaksWIAQogCgAQIR1DGuQhHqawRRKbAlH12LTAEK/nVYIUJd+UWinEwol6voOYczoAERRHRODAJFlodbnisOU1qogZdEmizbM8JgzI2xAmIeQ8ZKPUbpYoHHaarszp28DIRTsF/2MlZEE23nM1kKACJEIIIDIiiwBoCgyfd1QKNEEBX/o2LFji4qKHA7H0aNHR40a5f7CGjd+YlHR0fq6mv/8uHfkiOHA61OTEKLIoizZZcnhUo25ubk//PCDdzs1IYQQUl9ff+TIkaVLlxqNxuA+lrXO8netgAG643A4ApqCISUl5dy5cz4jo2EKNUD/+dVUeEfDO6EivET//v0/+eQTq9V6+fLlAwcOzJo1y9WapmGKfbQjHxcX99JLL1VUVDidzmPHjk2cONFnLo8ZMw5iJqrvdQiAIov1saMaI6x6UaTZ6lfUK1EwAap1WRIdgu2CYDsnOi7I4mVCRAABgKihWZr4Ki/ugtBnUSQAAPDzicI2bRI9L9om6dSJHQCA2gtH1e38z/v37NjwwH13g4Z5dpJZXRKEOC8vjxCSl5fnfvqQOwZu+PTD87+drLrw695d26bdM1mRhWBUo8lkev7559X6VVxcPG3atIAmQsiePXtch+3du/fKVOSN1NXVHT58ePbs2U33INK+1owZM/bv319TU1NTU/PFF18MHTr0igvHjenTpx86dCghISHCyPjMFEqr5eWXXwp4TFZW1vnz53Nzc3U63bBhw86fP9+1a1cAIUTMbb/veb6ycuSo8aa41JGjJ56vrMz6fS+Wt6gbwxk
xo4OY8W632L59++DBg30KRwCAXq/Pzs5+9dVXf/jhB51OF0wV0jjL37WC55lnnnnjjTdCNflk3bp1L774os/IaJhCCtB3fjUx3tGIeu/VnTt3Tp8+PT09neO4rl27fv31108//XRAU+yjEXmdTnfo0KGVK1fedNNNHMdlZ2dv3LjRO5eHDx9ZWWntfvtgnTmtcWt3ZTNdvZmD2dL15nROnwARE7PpFmrVixbNWb+iXomCCdC7LiPEMJyFN6bpLTca4281JnY1JnQ1Jnbx3BLct67GxG4+tqRuu/f+OHT0vcakbq7NlJQ5bMyMXXsOmpIyCSGmpExTUmZKxu1jJj3wU1nFo08sNyVlmpKzjYndOGPbd99bU1xc/M4773jc1/bt2wcMGKDX67t06bJly5YlS5YEvFOWZffs2bNs2bK0tDSz2Zyfny+KYkATIaSysrJDhw4AgBtvvLGystJdOKp/GI3GIUOGlJaWPvLII01dNryv9dRTT+3atSsnJ0ev1996660ffvihdwwBAJMmTTp27FhqamrkkXn33Xe9M+WafFtSURc2xcERrHBcvXr1ggULXD8XLVr0xptvYlbP8Oa331nz6GOLGd6ibo//7e+r33qX5S2YMyLMuc+SEGQ2e+xZtWrVwoULQy0uPs8Ku0iZzWar1dqxY8eQTD4ZP378qVOnjEajd2Q0TKEG6CO/mvj96jMaTV2H09PTL1y4EKop9nGP/IIFCz7++ONAtRKyvOVvS555650PoyYcLTdw+sQgZuy/ZoRa9aJIc9av5heOmg8iCBHD8Bbe1M4Qd7OpQQv6l4+JvrXjex/+3+y5i92FozGp28OPLHnvg/9zF47qNnRUXknpyYafyVmmpKzyitPT8maUlZW5x+yFF15w97dlZGScP38+YGrMmTPHQ+vMmjUroIkQ8uabby5atAgA8Nhjj61evdqnLAMA9O3bt+FF2/Rlw/1aVqu1ffv27tYnnnjC46wRI0acOHEiIyMjKpE5efLk1KlTPTKFCsdWKRyDbaoeMGDAV1995Xp0fP311kEDB0HEAAD79+vz9TffNlgA+OrrrQP695UlpyI6FFlQ51CIpIXl/fffv/POO70Lh3aAPs/SLm0aAT788MNff/11RUVF8CafAcbFxb3xxht//vOf6+vrgzeFEeBV+QXA5s2bBw4c2HSlLWDkmw6WZcMwxT6uyN91113+RIkrlxFmEKP7Zst3/fv1itL1IZFFWayP5RFsGrWyqWnm+tWcaNTlcePGHTx4wG6rO3ni6P33TnTaK0XnRSI7kXPgeQAAIABJREFUIETQX68nAnw2WJ/4qeLmmzoAAGbm3Vl3oWj61AkAgFtu6nDip3Lvg48WlWZktHM9BzPap5nNps+/3BkXF+8ueh599FH3J6TdbmeYwM7yKVOmvPfeex7vjoAmAMD//u//3nPPPQCAe+65Z926df7CP3z4sOqYbAbcr8UwjCxfVXmXL1/u/nPgwIFvvPHGmDFjfvnll8gv3b59e7PZvG7duri4OPdMIYTMnDmzrKzM6XSWlJTMmDEjGJNa2Hbt2uV0Oq1W65o1azxa0gkhKSkpa9eura6utlqt8+bNc39FhtSpgxAycODAHTt21NfXW63WdevWpaSkUAUZmGA8jnV1dQaDAQCwa9fuwsJdcQkptbV1qouxrq7eEp/K8pbde/YWFu42WxJqa2uDl2UBPY4Wi6W6ujpggEGeFYZw5Hn+7Nmz3bp1C8nkM8C3337b9YjxsGqYwgjQLb927dy502g0emdKFPEXDULI2bNnnU5nRUXF+vXre/ToEUVdlZ2dvXXr1lWrVgVvahF60SPyNTU1kyZNOnLkiN1uLykpyc/PRwh55PLuPXt37d6XlHpzbV1dlDyOaQxnjuqEPlFGo+o1A81Zv6JeibQD9FeXR44cWV1dfffdd1sslp49e5aWlg4bNgxCjFkDZ2hjiLu50bkYlNNx0pSHPt/4jTGp23sf/l919aW33/t
fY1K3L77cMunu2d4ex9zR917xOCZl/ukvf/v8yy2mpMzPN341c9YDng5RiDGjY3jz0//9zzdWv8sZUjhjKm9K401pvKkdq/PselFdXR0XF+czoTRMhBCE0K+//jp27Nhz585hjP15HPv169dsHkf3a61cuXLfvn2jR49WC6rHWbfffvvly5cnTJgQrZjMmDFj/fr1AIANGzbce++97tcqLS3t16+f0Wjs3bt3SUnJyJEjA5oAAN9+++3QoUP1en1ycvKKFSs8pDkhZNOmTVOnTk1ISGjbtu3rr78etseREHLw4MGBAwcajcb09PSPPvpo7dq11OMYnaZqWZYxxghz+/bt371nL6ePl2VZFY6yLPP6OIYz7t23b9euXQghjw+dUB3LHnswxpIkhRqOz7PC83rOnj37888/D9XkzR133FFVVdW2bVvvyGiYwgtQlmVVXuzduzeMTAkJjWhs2LChd+/ePM+npKRMnTr1l19+icqjyvVB+eOPP3qMgtIwxT4+Iy/L8t69e3v37m0wGLKysnbv3q1+XrtyGWF2//6De/buN1jSZVmOhnBM53QJATuZXFtCqnpRpznrV9QrkUaAGnW5sLBw7ty5rp9jxozZvHmzS6whRsfqEnXmG40JnY2JXRs2/9qxa/fhR4+VGJO6HT1W8uKKtw8dPmZM6lZUXNql+zCPPo5j7/yvspOnHn/yny7h+NEn/1rw+H+bkjIXPr78g4/+j9MnsnwcZ2jDG9N0lgy9paMh7pYp0/9cceqX9r/rr/aMNCffpm6mpEzOmOreAUOSJIx998fQMKkps2LFit9++01VLT77OA4dOvTEiRP5+flNLRy9r4Uxnjt37oEDB9TxW/PmzXN9cBJCysrKXnvtNbXoRiUm77333pw5cwAAc+fOfffdd91jOGLECNfP4cOHf//99wFNHlgslkuXLnnc+H333RekogiYhjk5Oa6fqamplZWVVDhGRzjW1dWZ45IY3qyKxbiEtqrHkeXNdXV1JnOCqyqG+vEdjMexpqYm1HB8nhWGcMQYl5WV9erVKySTT8rKymbPnu0zMhqm8AJ0eUTCy5SAyia8yOfm5h47diwq5ZvjuO7du3///fcFBQXBm2If78jX19fffvvtrgOys7NLSkrcc5nlLTpTms6cFi2PI29IQZiL5VQKteo1nccxuvUrGKJYibwD1KjLNpstPT3d9TMhIeHMmTMezj6EOYaP05kzDHG3NOjFhEb5eLVwNCVlXrhQldohx+kUbu422OF0pmT0vHCxypScqQrHhlkybPai4tIFj/+3pU22Szie/vlMzoBJpqTMnAF3njp9psHNmdTNlJSlqsMp9/71fOWFvoP/aErOvnrLMrf5vSmpG8Nb3N2KFovFn8fRn0lNmd69exNCBg0a5CEc3af4mDNnTrTEmcYDWeNaDMMMHDiwsLDwlVdecZ3Vu3dvCOH27duDGT8QDBUVFZmZmQCAzMzM8vJy9xi6e23j4uJcvbc1TAkJCQUFBSdPnrTb7eoNKoriceNpaWnREo4enZqu516SUROOECKM+ePHS27r3pttHAFzW48+xcXHGc6AGL64uNi9wSgzMzOk51pA4dirV6+9e/eGGo7Ps8IoEFOnTv32229DNQVUXR7yS8MUXoARZkrYalI78iaTyel0RvHSN9xww8WLF0M1xT7ukS8tLXXXKHq93mazuXI5M+s23pCiNi7/odcdxcdLIxWOpraY0cd4+oRa9Zri8dps9aupK5F7gBp12Wazeez352SFmMWcmTe21Vs6GhM6+2utPnz0+P0PLTp89LgxqduRopL7Hlr0nyPF6vBqj6Zq961r9+Ee0ejSfbgqCtVxMzP/a+GFi1UDc+8xJWV5Ccdsc3K2uc3v9ZaOrk+jwsLCvn37+rwRDZPGa6s5ZUfw10pPT3c50lxndezY0Wq1du7cOcJodOjQwSNTXONyvNVhVVVVQNPGjRvXrFnTpUsXdWoUk8mk3TMtQuEYuU6
43oQj0pSMEGEWMzrI8Lt27x02bEhjcpJRI4bu2LlTFh2K5CwsLHR3OI8ePXrHjh1RvJNZs2Z99tlnzXOWN48//vizzz4bqslferqj7gloCi/Aps6UIKPhQXZ29unTp6N4aYSQvxEwGqbYxz3ye/bscdconTp1cnVmLywsHDlqNEQNzv4Rw4cW7toX4aVl0S5L9hhPn1CrXtRpzvrV1JXIPUCNunzgwIHU1FR3q99mXFmUhVrBdl6w/SY6LspSPSE++hqVnii/54/j9+3/DwBg3/7/3PPHcaUnyoHv+SGvMKBfz8+/3GJOzlK3z7/cMqBvT0AUQAggYNaMu1a+svSP0x/58dAxVQJ4rDRIAABEYTgLwzd0xli3bp1rrLTKzJkz1T80TLHP0qVLPfZ4OO1UN+GSJUs++OADf1kZJIMHD16/fr2rYKxfv37w4MEua58+fVx/5+TkuPf49GcaPHhwfn7+8ePH1VlahwwZEnxkJEkKZlAUJVJ8ehwhwpjhGc6oehl//4e+5ysrh48cbzQnDh8x+vz58127NrzM1CnNhg4dyvN8bm6uzynNwhgco9PpsrKyCgoKDh48qNfrAwYY5FnabjOPnWPGjNm3z/ebWMMU8JbD+2YKKcBgMqUZPoI3b948YsQIi8ViNptzc3NLS0vvv//+SALfunXrhAkTEhISdDpdjx49tm3b5uoWrWGKfTQif/vttx88eFCdj03t4/jYY481vvJvq6y0jhp3d1xyh9Hjp1RWWrvfPigSjyNvSIE41p+5AateM9Cc9SvqlSj4AN3rcm5u7tatW3NycgwGQ3x8/MSJE7/77rtgvisxo2P1iTpze2NCZ3eP49PLX5Mk6f6HFhmTuj3w8GOiKC179lV1Xh4Nj+PHa7+Y9+jTrp/5i575eO3n6t9Llr0iitLkaXNMSVlXbclZXn7H24wJnTFjAABwHLdv376lS5empqaazeZHHnlEEBqW1tQwxb7HkRDy6aefZmVl8TyfmZn5zTffuHq/eJz1zTffuGbqCY/333//4Ycfdv3885//vGbNGte1SktL+/btazQaVWk4bty4gKbvv//+H//4R3x8fHx8/F133XXy5MngPY4nTpyYMmVK8FKYehzD8Dj6FI4QYYbhjAxvdnVqZHjzhImTjxUXO53OoqIij5USxo4de+zYMZ8mDdHjr3FT/Wmz2YqKipYtW2Y2m4MJUPusgA2pPvcXFha6r9IRpCkWhGMwmdIMz7LJkyfv2bPHZrNVVVXt3LlzzJgxEQY+YMCAjRs31tTU1NXVHTlyJD8/3/VxqWGKfbQjP3HixKNHjzocjpMnTz755JMuE2YNd06eUXy81OkUjhWXTLhzuptqDF04mtIwo4v9tApY9ZqHZqtfUa9EwQfo8UgZMmTItm3bamtr6+vrt2zZ4j4GNrB+RAzmjLwxzRCvdn/sNv2+eYSQbj1GGBO7desxghAy/b55LuGotll7b6d//rVHn3Gun3/oO/70z2fUv322s3foNNCnfDQn36Yzt1dHWFsslpdeeun06dOCIHisHOPPFPvCcdiwYZs2baqpqamvry8uLl68eDHHcT7PysjIqKysVHsohsepU6fc27u7dOnimiRLHcVSXl4uCMKJEyceeOAB98j7M2VkZGzYsKGqqspmsxUWFvbv3z944Th+/Pjy8nJZloOfjocKx1CFI1SF4/z5jZPZQogQizAPILwy/xZRiCIpskSIEvWFSikUShhAiFjegliD/yrp1mGA+LW4kEWb6LwMiELTltJkhRYjzGLOwrBmiDiA0JWSCX2W4PAmhIL+Ln/VMURy1p8VnTWAThndlNLWX88lDRPlGgrHYA5jvGo119hWRRolo6zIIpWMFEpsvYMRhlEb+wyJIsmijapGShPLCFmWZEUWJGcNw8Vh1ogYHkDG37uFAAKjOJkoIW7akUDIsHyCLNoV2UGzhkIJHuaK+wIxCHPANXmbKhkVkSgyTSYKJfaEIxO99QCJLNo
UWaSpSmkW+agQWRDsF6CjmuUtiDMirIeAhRB6j4wJSzsSv07Hq7QjQKyR5eOcNiocKZTQhCMEAGDMQ8wCANUxbUQRGr2MFAol9lQjRAhzAEJASKQeGQgVSZAlO21SoDS3gCSS4KiCzhrE6DBrZFgLYnTqK4lEWhrV06Ef7QgAgAQQCBHmLFi4HPszCbTYJxUMwxT1cnbN49DahCPDmwEACHMEEEAIUURFlgiR6VuEQondxzHCEEWpnZoQRXIQRaKpSrlG+lGRRZss2iXmMsOZGTYOYp36RidN9Bq6soI2xIye4eMU2UkdJdeheKWEKRx1hjYAAAIUIsuKIhIi057CFEqs60bEQoij8VaFRBZpHy9KLAhIRXIKsiAJtQxrxqwZYR1ACETU01Fz6E1jyAwXL4m1slBP84BCCUo4AoUAAGTRQSUjhdJSPqAR5iBC0aiwiixTdyMldtRjg3yEwmWWj2N1yWq3+4hHyRC/zdYAIMyzfIIiOWiHfgolGJDddlb91gv4Eho7dmxRUZG6Yrr7vGW5ubkbN26srq6ura09cODAjBkzgrx2bm7uDz/84G9+R3XxzaVLlxqNxuAeOFpn+btWwADdUWex1zYFQ0pKyrlz53xGRsMUaoD+8qvpiPp9edO/f/9PPvnEarVevnz5wIEDs2bNcjVDaJhawutSa81Gj6xEiFXHU9trz9prz9ovX9lCvq4syaK9Zc1b1vwF+9pGI4zFSCMPMFoV1h8XLlxISUnx2Jmammq1WgEARFEUyemsrzz/y8G9Oz77r/vu9hg3c8/dY2svHL3n7rHup98xuM+n/7PyzMnd507v2/Ht/067Z7yXdvSpKInRaHju2WUV5RVOp9NjHkeTyfT8889XVHiaCCF79uxxHbZ3717v9WPr6uoOHz48e/bspnsQaV9rxowZ+/fvr6mpqamp+eKLL4YOHeo6yz2Q6dOnHzp0KCEhoUmL7jV/wF6Hz6imRXutahV1pYTc3FydTjds2DD3lRIIIdu3bx8wYIBer+/SpcuWLVuWLFkSzHW3b98+ePBgf9Nv6vX67OzsV1999YcfflAXrAymZPg7y9+1gueZZ5554403QjX5ZN26dS+++KLPyGiYQgpQI7+ajqjflzc7d+6cPn16eno6x3Fdu3b9+uuvn3766YCmFiEcg696Wbf9QWdK05nSCCE6U9rVk34HNwF44xzgDG8GoCV1ALomBfvaRiPq77xgAoxWhdWoyP369fP+LFRXblSvixl9Snr30ZMe+KmsYuETz6pzg6tzfX/4P5+VlJ784OMN7nODE0J27vph+NiZbdJ7/qHv+O+273l6+WteU4hneWwJbbvv/+Hwcy+uvqlz3/j4Nvn5+aLYML0Ay7J79uxZtmxZWlqa2Wx2NxFCKisrO3ToAAC48cYbKysrvScANxqNQ4YMKS0tfeSRR5q6bHhf66mnntq1a5e64tStt9764Ycf+pyifNKkSceOHUtNTW01us3f8hnX2zMqPCJZOcYHq1evXrBggevnokWLXFLphRdecP/KycjIOH/+fCTZ7LFn1apVCxcuDDUcn2eFXXrMZrPVau3YsWNIJp+MHz/+1KlTRqPROzIaplAD1MivJiLq9xUM6enpFy5cCNXUsoSjR1Y+9thjq996T13oJULhyBvaoKjNBNlMNH/BvubRaH7h2HQV1sVbb7113333eey8//77V69efUU4sgZjQhdjUuaQUXklpSdV4ahuFad+ue9Pj5ZX/OwuClesXGNOznL97HxbbqX1op+lC68IxwWPP/vBx5+ZkrJNydk6SwZE2LU+9Zw5c9555x33GLpMhJA333xz0aJFDVVy9Wp/K8f07ds3yEmVI89K92tZrdb27du7W13rCrrOGjFixIkTJzIyMlqTw++aC8cYeUbFhHAsLi7u1q2bu6Y+duyYzyOTk5MvXrzonW2hrlXtIicnZ/fu3QEDDPIsjdKmYV20aNHHH38ckslngHFxcb/++uvo0aO
9I6NhCiPA4PMrKkRyXxEKx0uXLoVqalnC0SMrb7utR/HxkqgIR4Y3t7jxhs1csGMhGs0sHDUq7Lhx4w4ePOhwOE6fPj179uxI4jB//vxnn30WAPDAAw8QQmbOnAkAWL58eX5+vpdw7JaS0bPeZnepxs6/z7VeuGhpk33hYlXn23L9rWrdodOAqqoaf1aXfNy998eho+41JWWZkrONSd04XaK7W7Rv377+0nDw4ME//vgjAODQoUNDhgzxJxyNRmN9fX3zlA33a1VXV6enp2ucNXDgwPLy8k6dOkU9VmlpaQsWLDh8+HDAIuevRBFCBg4cuGPHjvr6eqvVum7dOveODXl5eSUlJU6ns6ysbPr06d6dBHyuY6wRYDAaICoPh8OHDy9YsKBt27bXi3Csq6szGAwAgF27du3cudNoNNbW1vo88h//+Mfrr78eReFosViqq6tDFY7+zgpDOPI8f/bsWfeiEIzJZ4Bvv/32unXrfEZGwxRGgMHnV1SI5L7Cg2XZ7OzsrVu3rlq1KnhTLAvHs2fPOp3OioqK9evX9+jRw19WWuLa1NbV6cwNTdW//XbO6RROnf75X59v6t1/uF/haPZyNxpTMcODlkYzF+xYiIZG2WiKAP1V2JEjR1ZXV999990Wi6Vnz56lpaXDhg0LOw6jRo1av3696nqsqqpSq+qGDRvU9a89hOPQ0fe6exwf/MsTn3/5jSkp84svtz745yf86cLlL7zx1rtrNYVjpikpq6bmcrub+jSuZ51tiLsZNa7YXl1dHRcX5y8NEUK//vrr2LFjz507hzH2Jxz79evXbB5H92utXLly3759o0ePVguqx1m333775cuXJ0yYEMXIGAyG6dOnf/XVV5Ik7du3b968edpvXo0SRQg5ePDgwIEDjUZjenr6Rx99tHbtWtU0fPjwsrIy1dSrV6/i4uJglrHWCDDqwlHj4TBv3rx9+/ZJkvTVV19NmzbNO2tam3CUZRkhBADYu3fvrl27EEKy7GMA2oQJE8rLy5OSkiL5/PXYgzGWJCnUcHyeFV6xmD179ueffx6qyZs77rijqqrK9bXhHhkNU3gBBplfUSHq9xVMXqv8+OOPHqOgNEyxzIYNG3r37s3zfEpKytSpU3/55RfXM90jK3l9vCzLah/Hz7/498A7xsYld8i4KWvGfX8+c+bsH++5LzjheAOni4/ewjPNR3MW7BiJhkbZiHqAGhW2sLBw7ty5rp9jxozZvHlz2HG48cYbVY/U4cOHly9ffvDgQQDAkSNH1F6DjX0cDSnp3cfceX/ZyVOPPflPl3D88JN/zX/8v41J3RY+/uyH//OZT0U45d65p07/0v53/X1ajUndjAld1L8lSYpLuc298Zo3tVM7/kqShDHWeN2sWLHit99+Ux0lPvs4Dh069MSJE6obtUmFo/e1MMZz5849cOCAOkRj3rx5aolVzyorK3vttdfUoht5NIYMGfL+++/X1tYWFRUtXrz4pptuCubNq1GiCCE5OTkuU2pqamVlpfr3999/7z7cZPjw4UEKR38BNv/D4eabb168eHFRUdHly5fXrFkzZMiQ1u9xdBVT7y/s8ePHnzt37rbbbovkm8mn77CmpibUcHyeFYZwwRiXlZX16tUrJJNPysrKPLzxwZjCCzCY/IpEsQUZ+fDuKxg4juvevfv3339fUFAQvKmlkJub62rdcM9KiJiE5IzaujpVODZsjUpx9PgpxcdLAwtHczudqR1mDS0xZZqoYLegaLiXjagHqFFhbTabe9NnQkLCmTNnwr4ohNBqtZrNZqfTmZaW5nA4jEaj1WptmPe7kXqbrehY6fzH/9vcJsslHE/9fOb2ARONSd1uHzDx1OlfvHXh3Xlzzlde6DPoLn9eRmNiN96UZoi/RfU4pt3Yx6UazcnZxoTOau2orq62WCwar5vevXsTQgYNGuQhHN2n+JgzZ05UxJn2A1njWgzDDBw4sLCw8JVXXnGd1bt3bwjh9u3bgxk/EEw
0qqur3UejB/Pm1ShRhBCWZX2GcPHixfj4eNf+uLi4IIWjvwCv4cNh2rRp1dXVMTWpRdP2cczMzPR4eE2ZMsVqtfbs2TNCZ7v3nl69eu3duzfUcHyeFUYOTZ069dtvvw3VFFB1ecgvDVN4AQbMr6Z4eEXrvoLnhhtu8O5QG9AU+5hMJqfT6Z2VGPM9bh9YfLzUp3BMbnuL0ykEIRxv4A0pLW5YTPMX7NiMhnvZiHqAGhXWZrN57I/QyXro0CF1IhgAwH/+859p06apXQbdPI56Q3wnY2I392ExXboP84hGl98Pc9eFM/9r4YWLVQNzp2h3bcSckdUlGBO67Nl3aOioPI+h1rw5HSJcWFio0cfR355rPhDEJ+np6S4fm+usjh07Wq3Wzp07RxiNoUOHfvDBB6rH8cknn7zllluCFI7+SpRG8noIx/j4+CCFY+RiIFoPh1tuueXJJ588duxYbW3t+++/75omqQUJx2C/hAoLC0eMGOH6OXr0aHXeBJUHH3zw7bffHjdu3IEDB6J+J7Nmzfrss8+a5yxvHn/8cbUTd0gmfx/Z7gC3pZA0TOEFqJ1f0SXq9xU8CCGP78hgTLFPdnb26dOnfWQlZkaOGF64a5/PszIzu/78yy/uz0ZfuQUgIIrsUBSxJaZMcxbs2IyGe9mIeoAaFfbAgQOpqanuVn/NuEFy/PjxvLw8dQjj7t278/Lyjh8/ftWrHShAkQCEgADXNqDf7Z9/ucWUnKlun3+5pX+/ngQQdZbHWTPuWvnK0j9On/vjIQ0dTyCEELGis0awn1v/2b/zpk4EbteYPnU8yyWwuuR16z51DaNWUQfxtAiWLl3qsUdRPNdUrKioWLJkyQcffBBhVn777bczZ85MTU197rnnBgwYUFJScuDAAXdfpt1u955TL7wSVVRU1KdPH3cPkccBkiQxDBObz6iFCxceOHCgpKRkwIABzz77bGpq6qxZs0JyP8UQwc/jOHToUJ7nc3Nz3acmeuyxx0RRHDt2bECnVEifbjqdLisrq6Cg4ODBg3q9PmCAQZ4VUgzHjBmzb5/vl7SGKeAtBxOZCAPUyK9r+BEc+Ufe1q1bJ0yYkJCQoNPpevTosW3bNtdILA1T7LN58+YRI0ZYLBaz2Zybm1taWnr//fd7ZKVOpx8xenxlpbV7z0Gqr/Hrb74bN3FqSrvftUnrNHr8lBM/nXzoz/MDDKw2p+uMbTGjb6GS+hoW7GsVDY2y0dQBulfY3NzcrVu35uTkGAyG+Pj4iRMnfvfdd5FEY8mSJZIkTZ8+HQCQl5cniuKTTz7pfl2IWJ0lQ21Zdm0fr/38r48uczkg5y16+qO1/1L/XrLsZVGUJk/7c6ABMZnm5Gyd+QYIMYTIFHfDgYNHn31+1U2dB7Xt0OvRJ5YLgqg2WOtNCfv27Vu6dGlqaqrZbH7kkUcEQWgpHkdCyKeffpqVlcXzfGZm5jfffOPquuNx1jfffOOaqScqpKWlLVy40H1U9Z49e2bPnu2hCzVKlEbyjhw50jU4Jicn58iRIx4HnzhxYsqUKR7XCsbjGK0GMY2Hw+HDhxcuXJiWlhazD9goN1UDAMaOHXvs2DGn01lUVOTeO9Vn60ZycnLALNEYOU8IsdlsRUVFy5YtM5vNwago7bMCtpb63F9YWDhx4kR/XxX+TLEgHDXyq0ULxwEDBmzcuLGmpqauru7IkSP5+fmuj0sNU+wzefLkPXv22Gy2qqqqnTt3jhkzxmdWHis+PuHO6a5G6ql5D+7bf8Bms1dX1+zavW/S5HsDz8hjvoEzJEPUYlIm+AdRa42Gdtlo0gA9KuyQIUO2bdtWW1tbX1+/ZcsWdQR0JNEghKgz4Hbs2JEQMnny5KuuCyFnSDElXyUcT//8a/fe41zCsUffcad+PqP+7fNN1KHTAN/dHBM6Y9akytOUG7q9uurDn385KwhiSenJ+x9aZErKMidn6czt4+ITX3rppdOnTwuC4LFyTIwLx2HDhm3atKmmpqa
+vr64uHjx4sUcx/k8KyMjo7KyMjMzs+ni2bNnz+LiYkVRgixR2jpv5syZJ06cEAShrKxsypQpLjWvMn78+PLyclmWPURFswnH2HlGNZ1whKpwnD9/AaBQKDEMZniGj/MxFFqr8d/Npj4SIZSEWkmopQvTU2IfRhenM97gu6hCjUIfTH8YKAmXBfs5RXJixsCb2iHGAIhy9QWIYD8v2C9evZ8SQ3Ts2PGrr7669dao+ewHAAAgAElEQVRbaVJESzgGcxiiKUWhtAQgQEykywNCCIhCZJGqRkqLgMiiIjuBz47RES/ZjTkzZ0jBDC9LNsFuJbJ4teIkECKWT2b5OAjpizKG+Pe//z148GCTyXTjjTcWFBSsWbOGpkkzQ+sDhdISZCNECGIY8brShMgtdFgM5TpEkQVZsvkt9sTf7oaxMoE+xQDDxrH6FIhYSbgsOi8SQNy/zQhREGY5fSrmWtiS7q2bN998c8WKFVar9euvv969e/eLL75I06SZYWgSUCgtQDgiBDEDIh2TThTZSdvdKC0FokiyWMewccCfz48A/6qSBP7QgpDh4gAgov2C5KzBjAGzHp3jFYQ5TteGyKIs2WiOxAJffvnll19+SdPhGkI9jhRKSxCOEEEY2WceBAAARXISKhwpLQdZtMlSndYnE4nA9UgIAJDhEnhDOmZNiuIkQPE6hCDWwOoTW/SQMgqFCkcK5ToTjpF3cASAyCJRJJqYlBYEUSRJqCFKoDnPA8lH/wqSAEAQZ+CNaZgxEdnpVdEIIITh4lhdIs0OCoUKRwqlZehGCLHfudODHiWgKAIhMk1NSstCFm2yWAeIHLisa7sXNcyEAAAR5iHifIVCAMQMa2mhC3VSKFQ4UijXm24EEKKwPI7E/dWoyCKh46kpLQ2iyKKjSpbqAFGaekIAvwOoCUEMr079SKFQ4UihUGJdNwKEImypJkSm7dSUFooiOQW7VZZqQUMfRKL1raRlDGrAtZ96iGk3RwqFCkcKpSUIR4QhwBFOXEeIRBTaTk1pydrRZhWdVURxBl7yPlCbdajykRBFkWyyZKcZQaHQ7ycKJeaFI8SRTsRDCFEk2sGR0rK1oywItkpZrGN1yQ3z5kCgNeilof74lY+Ndu3KBQlRRPt5UbhMZDoHKoVChSOFEvvCEWEQ2doVhCiKTNupKa0BWbQpyjmWdzCsBTI8gDBwx0ei1UM4gIKEACiKLNYRWaCJT6EA2lRNobQA4QgRjNTjqCj0tUdpLRBZEGyVjrqfBdtvilgHAIDQv9+QuP0bQF4SH3P3EAIRZvRJELM05SkUQD2OFErsq0YAA3VwJAGGXBMi0w6OlFaGIguKvVoRbZgzM6wFMjoIIQGaMzYG/f2lhuJSowwbD3REsFsJXbGTQoUjTQIKJbaVI4KRtVMDQogiA0An4qG0PogsOWRZkIV6ho/DrBEizcZr991BiMgrrdgQsnw8QFC0X1AkJ013ChWOFAolVnUjRBDiSHUjoW4SSitWj4os2RTFiUQdw1pU+QghDDBraYgOSAgRw8ZDgAS7VZEcNNUpVDhSKJQYFY4RjowBQKH9+inXg3qUhXpFtEPEYs6IGRNiDAE+ugKNvPbSjoBh4yDiRLtVEmsBnU6fQoUjhUKJPeUYlaZqhSYk5bqQj0QhslOxCxK6zHAWzBkR0kHEBuoFHJR8JAAASDCjh4ZUYIeyUEsIrVkUKhwpFEpM6UYIg5pwROtVKhHawZFy3QlISXRUSWItwxoxY0SMHiIOQKhVFYLrAUkAQZjn9W1FxInOarogE4UKRwqFEkOyEUAcwbgWqE79TXUj5TrVj7IoyjUSqsOsEbMmzBggYgPIR5eI1NSOEHOsPhliRrRfpHNdUahwpFAoMaIbEULBjYzx+54jCh1STbnO5aMiSc5LslCHWR1mLYgxIMwHlo8ePSCvrmIEKBBilk9CSC86LshiLaFdHilUOFIolGsuHQGMqJISQgBtSqNQACBEloR6WXIizGHWiDk
LwrqgPqmI1x8AAAgIIBAAzBogSpUFveisUuiahBQqHCkUyrWUjerImMgcGQrtv0+huLSfIsmKJEsOLDlYPh4zZoBQOH2ISeM/kCDMI10yxKxgq6TN1hQqHCkUyjXWjhG+KGkaUije+lEWahXJzvJ2VpcMEBP++DN1sRoIMBvHG1nRWSUJl+lMPRQqHCkUSktUjYAoEn2HUSj+aofguChLDlaXiFkjABFUNwIAAIgxcIjDjEF0XFRkkX62UVolwdYT0ojD4SgtLf373//O87zLOmPGjP3799fU1NTU1HzxxRdDhw4NxkSuxmN/fX39kSNHli5dajQaaT7FAv6ykvjC/cS8vDxCSF5ens8SpVEGfIY2adKk4uJip9NZXFw8YcIE91PWrl3rcYkWLxxRKG8y4nNPdBLBlRd1dXWHDx+ePXs2hBAAcOHChZSUFI+DU1NTrVar+1m1tbVHjhxZsGABy7JNJQKa8VrNKm5aqe4P+NxotnjIYp2z/qxoP08UZ2O1IWFXnPrqEkfdWVly1tXVHT58xFVTaAGgXHfCEQAAIYQQms3msWPHdunS5fnnn1f3P/XUUw899NCcOXPS0tJ69ep16dKlrVu3BjS5AnT/w92UnJycl5eXmJi4fft2nU5Hs+raopGVsBGPv13ccccdx48fHzx4sHdx8neWv7LRo0ePgoKCBx980GKx/OlPf1q5cuVtt93msvbr1++mm25qRamuzsUTwemAAKJESzuqeZGampqfn5+fnz937lwAwPHjxzt16uRxZKdOnY4fP+5x1oMPPjhhwoRXXnmlCdMr3Gtdh+/mWLhl6MU1Sw1FEuzVzvqzslgLCIENw6eV8BSkKSnTlJx5060DHl+8fP78BY888lf6BqG0Nl5++aVQnzJJSUnnzp1T/7Zare3bt3e3PvHEEwFNGs8vjz2rVq1auHAhzaZrS3hZqXLy5MmpU6eWlZWF+gLzNr333nt/+tOfXD8ffvjht99+23XwwoUL33jjjdajBiBidXE6U1oIm9l9a6cztWN5S1Texx6J2bdv3+LiYgDAW2+9dd9993kcfP/9969evdr7rIyMjKqqquZRQiFdK5aLShPF7ZrfcmymOcQcZ0gxxN9iSuxmTOxmTOhiTOhiTOyquXVz3wgh7j+HjLzneMkJho9DmAuv5wn1OFKajeLgCLNLh06nMxgM6t8Mw8iy7G5dvnx5QFPwvP/++3feeSfN0WtL2FnZvn17s9m8bt26uLi4jIyMCKPRt2/fbdu2uX5+9913/fv3d/188803x48fn5qa2jrSHEbexxE2VQPg4cOHO3ToAAAoKSlRPY4PPPAAIWTmzJkAgE6dOpWUlHifJcsyQqh5Us/jWuPGjdu1a5fT6bRarWvWrElISHC9ldUE8tlaOm7cuIMHDzocjtOnT8+ePTsGC8n8+fPLy8sFQSgvL583b55rf0pKyqpVq8rLy20226VLl77++utRo0YFc8sxpZhTUlLWrl1bXV1ttVpdd6eRlevWrauqqlq6dOlXX31VVVU1a9asgFnpkVBf/b8vhw76g7PujChUA6I0LBNPiNYGPDbg/rOoqKx9+wzemK4zZfDGtgwfRwhJTW3rfV/+shIAcN999508eVIQhNLSUo/vtNgvopTWSUgeR47junTpsnHjRld/spUrV+7bt2/06NEuKelCw6TxOeWxx2KxVFdX02y6toSXlQCAGTNmrF+/HgCwYcOGe++9N6TvaW9TfX29Xq93/TQYDHV1de4H/+Mf/3Ap2pb+pQ4h5g1JOlOaztQ2LKdjO505jeGMgZfgDd3t0a9fP9XjOGrUKDV/33rrraqqqlWrVql5PXLkSPezdDpddnb25s2b3V3CTeTB8nmtb7/9dujQoXq9Pjk5ecWKFevWrQtYCEeOHFldXX333XdbLJaePXuWlpYOGzYspjxzeXl5JSUlffr0MRqNffv2PXHixD333KOaduzYsWjRorZt2zIM06ZNmzvvvPPbb7+
NKT9WwAgQQjZt2jR16tSEhIS2bdu+/vrr2llJCBk5cuSwYcMIIaNHjx48eLCrv4RGVvpLKIhYTt/GEHdLg9Mx6I0Q4v5z6KjpJaVlxsRupsRuxsQuhvhOhJD/t/mb6XmzkpJT09LaqfelkZWEkNLS0n79+hmNxt69e5eUlIwZMyamiijlevM4hiAc3Tl58qTLr4Mxnjt37oEDBxwOx9GjR+fNm+f60NcwBS8cMcaSRGcwvsaEl5UAgPfee2/OnDkAgLlz57777rsRCkcPNxJCyOUHVQ9OSko6c+aMxWJpDcIRYd6YEmvC0Wg0Dh069MSJE/n5+QCAG2+88fDhw6oPcvny5QcPHgQAHDlyRPVHqo8LSZLUP9asWcMwTTWTQ/DXslgsly5dClgICwsL1X6cKmPGjNm8eXNMCaz9+/e7C4WRI0fu27dP/fvSpUtdu3aNRLc1w31pD44hhHj3gtDISkKITqfT6XSuP2w2W8Cs1EgoCBHDW/SWG8MTjinpPcZMvL/s5KnHFj9nTOhiTGho1yaEzJ77N0N8J525PadPxKwBMfz+/T/4y0pCyIgRI1ym4cOHFxYWxlQRpVDhGNjj2LVr102bNr3zzjsexzAMM3DgwMLCQu8+6RqmYDyONTU1NEdjhJCyEgBQUVGRmZkJAMjMzCwvL29qjyMA4OWXX160aBEVjlEXju7THcyZM0dV8BBCq9VqNpudTmdaWprD4TAajVarVe1Y6coCnuenTJly6dKl7t27N7XA8r5WQkJCQUHByZMn7Xa7eheKogQshDabLT093fUzISHhzJkzMSUcq6ur4+LiXD/j4+NdjTN///vfHQ7Hjh07CgoK/vrXv/bq1SsGhWPAA9LS0jx2amSlK0DvPzSyMlBCQczoeVM7Y3xnY0LXIIVjQ02x2YuOlc5f9LQ5qZvHATd3HWRM7NoQYPytesuN1TWXklLaY9aEGR3CXEJCoisrCSHuuRwXF+fqvBsjRZRChWNQlTw9Pf3ixYs+j0xPT6+srAzeFFA49urVa+/evTRHY4ogs7JDhw4eHgWPETahCsfS0lL3Mby/+93vXK1RroPT09NPnTrF83zLF46MztS2cYutpmp3Dh06NH369EOHDgEA/vOf/0ybNu3HH3/0edbChQs3btzYPELE/VobN25cs2ZNly5d1PkZTCaTt3PLp3D0KL0e3XxjWTgCADp27HjvvfcuXbp048aNNpvtpZdeanHC0XunRlZqC0eNrNROKLUm8sY0Q8LvjIldjYldjIkhNFUHOqCrMbGrMalbTc3ltBt7G+I7GeI66swZKWm3VFfXgMavLw/heOHChZgqopTrTTiG2VHd6XS6hmouXbrUw+r6BNQwBc+sWbM+++wzmqPXlvCycvDgwevXr3fNtbF+/XqPSXlCZffu3YMGDXL9HDJkyK5duzyO+fXXX7du3aqO0mjZwhGiFhHP48eP5+Xl7d69W82gvLw8l5r34LXXXuvbt2+7du2aIVbu1xo8eHB+fv7x48cdDodabDwOliTJu137wIEDqamp7pPFYIxjKuV/+umnnJwc92/sEydOuH5WVFR89NFHS5cuHT9+fI8ePR566KGAtxz7BMxKn2hnpXZCgYbJeqySo5rIQsNnGPS1haWfASGAKGXlp3r+oStELGQMmDH16tXrp5/KXEH26dPHdUJOTs6xY8daShGltEpCfjOxLHvzzTe/+uqr//73v9U9Tz311KeffpqVlcXzfGZm5po1a1y9lTVMAdHpdFlZWQUFBTk5Oa+99hrNqmtLeFl5xx13fPfdd66f27Ztu+OOOyKJxuuvv75kyZK+fftyHNevX7+//e1vK1eu9D7sn//85/z581t8ooc3jY67m4ZAABBo4tnxjh8/PmzYMJdwHDZsmD/h6HQ6//Wvf02bNq0ZEs/9WocOHcrPz4+Pj4+Pj7/rrru8e1lUVFTcddddHi/dZcuWffLJJzk5OQaDIT4+fuLEie6FORZ47bXXXn3
11V69eqnDJgoKCgoKClTTrl27Zs2a1b59e4Zh0tLS8vLy1K6o2rcc+wTMSp9oZGXAhHLXjoL9vCLZ/YpEl3yEmhvwsefNt//nxeWLb++ZbWBB98wbXnhuyYoVL7s8pgUFBX379jUajTk5OQUFBc8991xLKaKUVktIg2OcTmd5efnLL79sNptV07BhwzZt2lRTU1NfX19cXLx48WKO4wKaQKCVY2w2W1FR0bJly1wXolxDtLPSlXEee06dOtW5c2fXzy5dulRUVAQ8C2iuHDN58uSSkhJBEI4fPz5p0iR/4axbt66lN1VjRhdOU7XpqnkcGd7cFPM4euQIIaRjx44AgI4dOxJCJk+e7O+sgQMH+nwxN0UMXdfKyMjYsGFDVVWVzWYrLCzs37+/x8Hjx48vLy+XZdlj/5AhQ7Zt21ZbW1tfX79lyxZ1qHgzozGIBEL46KOPnjp1ShTFioqKBQsWuM4aNGjQ+vXrL168aLfbT548uWLFijZt2gRzy815X2EcoJGVGn9oZGXAhPKslaxeb+5wpc3aayOE+DNpHGBK6rb4qRdO//yLd1aqs1y5puNxn2MoRooopdUQZFM1VIXj/PkLaJJRKLElHFk9y8e5eTOCBjb+R4gs1ktCHSEKTU8KJSogzLL6NgwbByCM0rJMUJFsorNKEmrpyvKUayscgzmMoSlFobReruUybhRKq0SRRcFWCfSE4eIj1o4IEEUSqiRnjSw5aNpSWgRUOFIorRUCAAQQAUC1I4US1aqlSILNCgBhuHgAYMg1jKiVEhHZITmrReclQuhoaAoVjhQKJeoqMFQgAJCOsqRQmqBCEkmwWQmRGT4BEhya3xFCAIAs1or2C7Jkj1J7N4VChSOFct2/miIPA0IEIKQvJgqlCSqoLNgvEEVidUkQssHpPwggIIooCbWis4rIIk1GChWOFArlmr/Q3L2TEEJIdSOF0kTiUXReggAyfCJEAbUjBAAQySEKVZKzjjZPU6hwpFAo0RaAV0nAUFqriWuiYgghBoA6NiiUJqqmiuisIYCwfCJEnH/tCAEgsmQTHVWyWE+bpylUOFIolGi/j3wIxdB7OkIIEe3mSKE0aVVVROclADHLJ0GIfIlCSIgkS3WSo5qOnqZQ4UihUJrqfeT9+gkjBIQY1dtBE5RCabLKqkiOKgggw8dDyLhVNwgAUGSH6LwoC/W0eZrSCkA0CSiUmH0VRSEQCCBi6IQ8FEqT11eiiM4qSbzs8ZFGZKfguCA5a6lqpFDhSKFQmvI9BIjXqmskdMchBBDT1moKpVm+9WTRflESaly1VJHrnfZzslBLXf4UKhwpFEqzqMewvYWNC/ZCABGinVIolObRjpLoqFKkegCgIjsEu1UWbTRZKK0J+jqhUGJXNBKiwMhn8IYQIhYA2iWfQmkOFFmQnFUAQEm4JIt2miAUKhwpFEqzKUcZADZy4Ug9jhRKcyIJ9bLoILR5mtIaoU3VFEosS0fiW1CGqhwhA6l2pFCate7K0RnfRqFQ4UihUIJ68QCiRPjiuTIlCKJORwqFQqFQ4UihtGblCKIzfweBECGGoylKoVAoFCocKZRWqxwVRfYvKkMBQoi4KIyzoVAoFAoVjhQKJWalIyEKiGT+buKSjhhi2lpNoVAoFCocKZTWqhuJEq3VJiBCCNHWagqFQqFQ4UihtF7lCBTJny2kgACACLO0tZpCoVAoVDhSKK1UNwJFidzj6GqtxixtraZQKBQKFY4USmtVjoQocrQCgxAjzAEIabpSKBQKhQpHCqU1oshR6uZIAAAY62hrNYVCoVCocKRQWieEyIRIEQ2sdgMiBmEuWqFRKBQKhQpHv4wdO7aoqMjhcBw9enTUqFFBmjTIzc394YcfiNeiaoQQQkh9ff2RI0eWLl1qNBqDe79qneXvWgEDdMfhcAQ0BUNKSsq5c+d8RkbDFGqA4WVKsxWA3NzcjRs3VldX19bWHjhwYMaMGe7WuLi4l156qaKiwul0Hjt2bOL
EicHnl8PhKC0t/fvf/87zfEBTeEUUAGAymZ5//nk1hsXFxdOmTYskhhppSIjir7W6b5+cD957/cyposrfTuze8dW906fAxmZoe+3Zq7bLZ+2XzwJAAEQIs83WWs0wzOLFi8vKyux2+5EjRyZMmHCtnnRRrw7hFZvYpzkTqhm/vvw+sbUfRBQKxTcvv/xSwGOysrLOnz+fm5ur0+mGDRt2/vz5rl27BjRps3379sGDB/sUjgAAvV6fnZ396quv/vDDDzqdLphHg8ZZ/q4VPM8888wbb7wRqskn69ate/HFF31GRsMUUoBhZ0qzFQBCyPbt2wcMGKDX67t06bJly5YlS5aoJp1Od+jQoZUrV950000cx2VnZ2/cuDHIAgAAYFm2U6dOa9euLSgoCGgKr4iyLLtnz55ly5alpaWZzeb8/HxRFCOJoXYaMrxZZ2rrve3avW/WA3+56XfdLQntu/cctGXr9uX/XKEzpelMaYQQ9Y8rm1nd0nljCsZ88zgdn3jiib1792ZnZxsMhl69eh06dKhnz57N/4iLenUIr9jEPs2cUNcK9ye2xoOIQrneKA6OYIXj6tWrFyxY4Pq5aNEiV8XTMAX5Lai9Z9WqVQsXLgw1HJ9nhf0oN5vNVqu1Y8eOIZl8Mn78/2fvXWNkya5CzbXW3jte+aqqU+ecOo9u0zZg2d02vh65fQX8QTAXyZiXzAjxA2F+gAAhJC66NppBGuAHf5ARFsMwjC0xIxDIEgIJoZHmB/dqbGMwYLi225a7sdttd/fp86xHviIjYu+95kdk1smqyoh8VFadOsfrc8l9qiIjMmJHZMSXa++19o+88sorjUbj5M7ULFp2g6c8KedwAfzu7/4uTsW9nnrqqTt37pT//rVf+7U/+7M/WyGoMP3rpUuXbt++PXfRapfoL//yL3/84x+f/ssHP/jB0+xhfRsqHYWNK1Hz2gl3PKKGb/7O//DgwW6lOI7d8Xrcum7C1vkEHV966aV3vvOdh78+//zzf/Inf3L+d8O1fxxWu2wuPo+koc6ZY3fsmhuRIIg4nkocv/zlLz/77LPTX0y/9KUvzV00fQ+tuo3OFcfnn3/+M5/5zNwNLrhWzV2+ZumHPvShKpWpWjRzg51O5/XXX3/f+953cmdqFq2wwUVOyrLX0xldACXb29sPHjwo//2Zz3zme77ne+Y+lesvgBs3bnS73bmLVrtEP/WpT333d3/3Gvewvg1R6TC5XG6wxh3f/J3/4aDbnSeO16LWjTC5jOo8ioEPh8PpwH+SJF/5ylceyd1wvR+HJ1UcH0lDnTM1N/NjNyJBEHE8lTj2+/0kSQDg7//+7z/1qU81Go1erzd30VrEsd1u7+3tLftUrlprBXEMw/DWrVvT99NFFs3c4Mc+9rFPfOITM3emZtEKG1zkpCzF2V0AJb/1W7/1h3/4h+W/9/f3f/zHf/wLX/hCmqZf+cpXfvVXf5WIFr8AgiB429ve9jd/8zd/8Rd/MXfRapfo3t5ep9NZWRxP7kZ9GyJiEG3WiGNr4+n3/Mfv/6//7ZN//LH/ewFxvB61ruvgPIKOL7744nPPPXf463ve855+v3/+d8O1fxyeVHF8JA11ntTcsU/eiARBxHEmi1YDjuO4HE2slAKANE3L+0v9oukn38pHMhgMWq3WshucuVYNNRv82Z/92X/6p3+a+c27ZtHJDX7f933fBz7wgZljhmoWrbbBRU7KUpzpBfCjP/qjP/3TP/2e97yn/LXVan34wx/++Z//+S984Qtvectb/viP/5iZf//3f3/uBqcf1S+//PJ0ULBm0QqXaKvVmitAS+1hfRsys2cbN3dmqR6nvTfKf33+8y/8z//Lzx4uSHu3jp/E9vVyFQBUOvIu8y4/09vQxz/+8T/6oz/6xV/8xa997WvPPffcRz/60UXGK6+dtX8cnlSe+IaquWOfvBEJglDJUhHHkpkBp5OLVvtefjJ2uL+/v+x2Zq61QgxAKfXVr371ve9971K
LZvLVr371F37hF2buTM2i1TZ4ypNynhfAj/zIj9y+ffu7vuu7pqV/+t79zne+c5H+zel43tvf/va//du/PRyGWLNotUt0b2+v3W6vHII6uRtz21DpOEyuzEyRiZrX2ptPv/d7/sdPffof/rf//eN1EcfDoGPzWtS6poMWri/oOJ2yOv0Z+dCHPvTiiy+WWdU/8RM/cbIf4DwDaStcojOPa7XL5uKz9vvGhaL+jn3yRiQI32qc7RjH5557rmqI2/SitYjje9/73n/8x39cdjsz11rhVv5TP/VTf/d3f7fsorlPoGOPoppFq23wlCfl3C6An/zJn7x3796xTNsXX3xx+ukVx/FwOFz2Arhx48bhWKWaRatdop/+9KfnjnFcag/ntiGSDuLNKnEsf97y1nfv7u4tJI6ta1Hreti4Qjo8z7vS937v954ceXw+d8P1fhyeVHF8JA11btTcsWfeiARBxHEmi9Zx/PSnP/2DP/iDh7++733v++QnPzl30Vr44Ac/+Fd/9Vfns9ZJfv3Xf/13fud3ll00EzwKTPVm1ixabYNrPylncQH83M/93Mc+9rEf/uEf/pd/+Zfpv//DP/zD9NPrO77jO1599dVldzjLsqo2rFm0IJ/4xCeOpVH/zM/8zGn2cG4bMjvvbIWLjP9IRNosPhU1IyqlAjzHGQh/6Zd+6S//8i/P/2541veoJ4Ynu6Gq7thVNyJBECpZvI7j93//94dh+AM/8AMny/jNXDT95XvZ5Jgoit7xjnd89KMf/dznPhfH8dwNLrhWTXjg5NIf+qEf+uxnPzvz9TWL5h7yIjtzyg0uclKWYu0XwIc//OGiKN7//veffK/3vOc9n/vc555//vk4jt/xjnd85jOf+fCHP7zgBQAAxpi3vOUtf/7nf/6nf/qncxetdokGQfDZz372N3/zN69evdpqtX7lV34lz/PT7OHibTgda/yv/+2T/9NPfnDn5ls3Ln3bf/ze//T/ffLv/4//8/9aOOJ4LWpeD5MrpM4w6PjXf/3Xzz77rDHmmWee+YM/+IN//dd/fSRjHNf+cVhIzB/bOo7n3FDnQ9Udu+ZGJAjfaqy5qxoA3v/+93/pS1/KsuyFF144OXFI1aKap3JVz2z563A4fOGFF377t397Zo7LzKdyzVpze4Fn/v3Tn/501dqbFBMAACAASURBVJwlNYsugjguclKWZb0XwMx+9u3t7XLpj/3Yj33xi18cjUZf+9rXfuM3fkNrvfgGsyx7+eWXf+/3fu/wGqhZtNolCgDtdvsjH/nIN77xjTzPZ84cs9QeLt6G0+L4/f/pR//2//l/9w8O+oPBF1/48n/59f+12XnqUBxPcrK3OmpdD6LNs5u9+gMf+MBXvvKVPM+//vWvf+QjH5mbin52rP3jMPezv9rIyEfOeTbUeVJ1x66/EQmCiONJsBTH//yff02aTBAuODpIVNDC2ZO+LNzjfOSFyN4X2b63I2leQRCEb3FxXORlJC0lCI8L3llgf9qtHA2BIZHS0XmOdBQEQRAeX0QcBeGxgb1ll1cU7l6tS5QBQKnwTEc6CoIgCCKOgiCcuziyd64A5iU6phe6DShlEiQtLSwIgiCIOArCk4N3uXd5hTguHHTk47+QjrRpgHRYC4IgCCKOgvDEwN55mwP7tQYdGQCUjpWOpYUFQRAEEUdBeHLU0bmRZ7vu6CADkTYNkg5rQRAEQcRREJ4cc/TO2+y0QcdZpUJRaRUk0mEtCIIgiDgKwpOkjiPv81neeMpy06hUrFQkTSwIgiCIOArCE4L31tvstJY4K+gIpFTQRBVIIwuCIAgijoLwRMDsXc7sTpsiM0s9SRltYgTpsBYEQRBEHAXhicB76+xolvqtIQ6pdEwmBnFHQRAEQcRREJ4EmF0xZF/M0rtl3HFmhzWSDtpKy3QygiAIgoijIDwZ6uitG9d0XD84HuxopJ0FQRAEEUdBeBJwxdD74iykFIBJBdokiHKXEARBEEQcBeHxh9m
" width="400" /><br /><br />Does anybody know what that hidden wireless network is for? 
Comcast hasn't responded yet to that question on Twitter.Mister_Xhttp://www.blogger.com/profile/09131740892046010461noreply@blogger.com10tag:blogger.com,1999:blog-7538555703405721380.post-49492732592580156552014-06-08T15:25:00.003-06:002014-06-08T15:33:44.947-06:00Custom trac+svn or GitHub (or other alternative)Recently, I had a small discussion about moving to GitHub (or another similar solution) on IRC. The subject has come up several times (and I thought several times about it) and I'd like to have more opinions about it.<br /><br />I'm really tempted to move it since it might decrease cost a little bit and most importantly, it will decrease the amount of maintenance I have to do. However, I have some concerns and I'm open to new ideas.<br /><br />I like GitHub since it has most of the features of (a base) trac (and I don't need more than that). User management is built-in, as well as anti-spam. There is a big community around it and we can do continuous integration (using Travis CI). And I don't have to spend time cleaning up the spam, updating the server (and making sure it's secure; I guess GitHub has security measures).<br /><br />Here is what I don't like with GitHub:<br /><ol><li>You don't have control of your code anymore.</li><li>One-way thing: you can import trac (tickets and stuff) to GitHub but I never heard of tools to back that up </li><li>You depend on them: if they're down, you'll have to wait for their stuff to come back up. If they get hacked, you might be in trouble. They can close your project; if you guys remember WhatsApp, a few days before it was bought by Facebook, GitHub received DMCA letters and had to close a bunch of projects that were related to WhatsApp (or API library).</li><li>You need an account to create a bug report. 
</li></ol>However, the cons can be somewhat alleviated:<br /><ol><li>Hosting my own git repository and syncing to GitHub (as well as other GitHub alternatives)</li><li>If there is no tool to back up GitHub, I might develop one (and open source it) or pay somebody to create one.</li><li>Using multiple services. We could have GitHub as the main location and use other services as back-up (read-only). If GitHub goes down, we can switch any other to read-write. However, we'll need software to do the sync (and it also depends on the back-up program in the previous point).</li><li>If they don't have an account: Accept bug reports by email and/or have people post in the forum (you don't need an account to post) and I take care of adding them to GitHub. </li></ol><br />So, here are my questions:<br /><ol><li>What is your opinion about using GitHub (and git) for Aircrack-ng instead of trac+svn?</li><li>What are the alternatives to GitHub (free, hosted)? If you've used one, please give me your opinion about it. I'm also willing to pay a few dollars a month if there is a serious one.</li><li>What are the installable (to your own server) alternatives to GitHub? It's better if it's free/open source but I don't mind paying if the solution is good.</li></ol>Here is what I found (and heard about): GitLab (to install, as backup, using gitlab-mirrors), BitBucket, Gitorious, Kiln. However, I need more feedback about them.<br /><br />As I get feedback, I'll update the post. Mister_Xhttp://www.blogger.com/profile/09131740892046010461noreply@blogger.com3tag:blogger.com,1999:blog-7538555703405721380.post-39085338916815672462014-04-16T15:35:00.000-06:002014-06-10T20:28:29.745-06:00Anti-virus issues and open letter to Anti-virusAnti-viruses have a bright side and a dark side.<br /><br />Well, antiviruses are like babysitters: they prevent dangerous things from happening to your computer. 
In a certain light, it's a good thing but when you grow up (in this case, know how to use computers safely and want to use security tools), that baby sitter becomes more of an annoyance.<br /><br />What I mean is that most security tools are flagged by anti-viruses and Aircrack-ng isn't an exception. Sometimes, they just flag it as 'hacktool' or 'not-a-virus' but a few of them have weird looking names and googling them doesn't even give you an answer of what it means.<br /><br />I had to deal with a lot of stuff because of that:<br /><br /><ul><li>Emails from people telling me their antivirus detected aircrack-ng as a virus and I had to tell them it's perfectly safe and their antivirus is wrong</li><li>Yahoo, who has or had a safe page system using McAfee. It was saying the Aircrack-ng website wasn't safe despite all messages saying it's perfectly safe</li><li>VIPR anti-virus who was removing links to Aircrack-ng.org because they thought it wasn't safe.</li><li>And a few other things I don't even remember. <a href="http://forum.aircrack-ng.org/index.php?topic=4875.0" target="_blank">Here is one</a> I just found in the forum</li></ul><div><br /></div><div>It hasn't been a problem until now because my hosting provider uses a service from C-Sirt.org to do online scanning of files to make sure there's no virus. In most cases, they are right but there is always an exception. The problem is that they think their system is perfect as you can see when <a href="http://www.c-sirt.org/false-positive" target="_blank">they talk about false positives</a>:</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><img border="0" src="http://3.bp.blogspot.com/-hkp7ymFaZ44/UNd4gN99U-I/AAAAAAAAAB0/LZNYgSlZefg/s1600/Screen+Shot+2012-12-23+at+2.30.58+PM.png" /></div><div><br /></div><div>At first, I was surprised and took <a href="http://www.c-sirt.org/incident?incident=63c026abe43932a75dd6b61cb747f200" target="_blank">their incident</a> seriously. 
I started checking the MD5 and SHA1 of the file (which haven't changed) and submitted files to virustotal.com. That's where I saw why <a href="https://www.virustotal.com/file/553ad806f8d1b5ed6fcf0df9c0645cd04b1dec19809bb56cabfbbb2e3ae13cce/analysis/" target="_blank">they think Aircrack-ng is a virus</a>. As you can see, some of them give a name that will make you freak out (and using google to find out what that means gives you NOTHING) but most of them don't detect or clearly see it as Aircrack-ng.</div><div><br /></div><div>I emailed the guy behind C-Sirt.org. Unfortunately, his English is more than approximate and if I understand correctly what he tells me, I should simply contact all anti-viruses and ask them to remove Aircrack-ng from their definitions so that his algorithm won't flag it as a virus anymore.</div><div>Well, I would be more than happy to do so but my experience with first line customer service is not successful so I doubt it will work out.</div><div><br /></div><div>Back to my provider. Even though I've been a customer for more than 6 years, they blindly trust C-Sirt.org and wrongfully shut down one of my servers where they thought the file was (and I'm still having issues getting it back up) and threatened to shut down my hosting where I told them where the file is because of a mistake in C-Sirt (due to antivirus definitions). I tried to convince them without any success and I'll gladly show you the emails if you guys want (as well as the single email I got from C-Sirt.org).</div><div><br /></div><div><br /></div><div>So, Anti-virus vendors, please be smarter nannies. I'm ok with you flagging viruses but flagging security tools, that doesn't make sense and hurts us. 
Please remove Aircrack-ng and other security tools from your definitions.</div><div>In the meantime, I'll just repack the file and add a password so you won't be able to scan it and it won't be wrongfully flagged.</div><div>And if you're not planning to take it off your definition, I've got a request to add another well-known security tool that's using Aircrack-ng:&nbsp;<a href="http://www.coresecurity.com/content/core-impact-overview" target="_blank">Core Impact</a>. They even <a href="http://corelabs.coresecurity.com/index.php?module=Wiki&amp;action=view&amp;type=tool&amp;name=WPA_Migration_Mode_patches_for_aircrack-ng_and_Kismet" target="_blank">submitted a new attack</a> for Aircrack-ng which gives you a good reason (and a proof that it's not a virus) to take it off your definitions.</div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div>Mister_Xhttp://www.blogger.com/profile/09131740892046010461noreply@blogger.com0tag:blogger.com,1999:blog-7538555703405721380.post-12211967080447905732014-03-31T12:00:00.000-06:002014-06-08T15:34:07.994-06:00Aircrack-ng 1.2 Beta 3 releaseAnd a <a href="http://www.aircrack-ng.org/" target="_blank">third beta</a>. I can guarantee there will be at least a fourth one before the final 1.2 release.<br /><br />Changelog:<br /><ul class="bbc_list"><li>Finally properly fixed the buffer overflow.</li><li>Fixed channel parsing (eg 108, 125) and updated radiotap parser.</li><li>Various other small fixes.</li></ul>Mister_Xhttp://www.blogger.com/profile/09131740892046010461noreply@blogger.com0